hxxps://sourceforge[.]net/projects/fortnite-cheat-2024-wh-aimbot/

Resubmissions

05/12/2024, 09:24

241205-ldbs3atqgq 6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sourceforge.net/projects/fortnite-cheat-2024-wh-aimbot/

Score

6^/10

microsoft discovery phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
304	camo.githubusercontent.com
305	camo.githubusercontent.com

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	9	https://sourceforge.net/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ed2fc250fbbecfb	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133778643078992865"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
1088	msedge.exe
1088	msedge.exe
4476	identity_helper.exe
4476	identity_helper.exe
1428	chrome.exe
1428	chrome.exe
5528	msedge.exe
5528	msedge.exe
5528	msedge.exe
5528	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1428	chrome.exe
1428	chrome.exe
1088	msedge.exe
1088	msedge.exe
1428	chrome.exe
1088	msedge.exe
1088	msedge.exe
1428	chrome.exe
1428	chrome.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 852	1088	msedge.exe	82
PID 1088 wrote to memory of 852	1088	msedge.exe	82
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 1772	1088	msedge.exe	83
PID 1088 wrote to memory of 4988	1088	msedge.exe	84
PID 1088 wrote to memory of 4988	1088	msedge.exe	84
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85
PID 1088 wrote to memory of 2872	1088	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://sourceforge.net/projects/fortnite-cheat-2024-wh-aimbot/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1cde46f8,0x7ffc1cde4708,0x7ffc1cde4718
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:7012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  PID:6644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:6452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:6968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1876 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13346060201896272556,9223425921041086159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc0a2ecc40,0x7ffc0a2ecc4c,0x7ffc0a2ecc58
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3328,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3760,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5304,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5292,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5260,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:2
  2⤵
  PID:6568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5316,i,1903497945906088499,7690380763837718856,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:7132

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5704

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5736

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x510
1⤵
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
a6b4bdb1fd13a9b8bc0aa2c6f5d83d39

SHA1
9d92f4e12b596fbadcdad0fc2329cdd8895bf2d6

SHA256
68517778841a370bc837154508f24fc8a7e03ba7a57f8a117f49e81a05e6f539

SHA512
3753a3e8106b9bebf60ff44b15ee93e68dbc474a7075d312b81de03177fa7169daf0c38c9fd01c6ce1c7324d4f7075a00d123695d745abea89f53bc9bec26231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
865750de6b8df500ac51a8931c61b884

SHA1
549a6192fc4beac8d262a73a7713d4374caad7c0

SHA256
2e26d6205a886447120e0e933cac06d33f3530beab6045b480b0e49f3e661252

SHA512
cce2e309b1b0a6fb7a04f1515ef87dc8c3ef523fd30567b932111ebf25eef93fee0a0215d7622fcf1a35a390bfde2879360489e3d0a51506ee65884a776a6212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4b61c29e0fec1b4868698c1eeb30f6fc

SHA1
5b061b94597f443fb519fe8cbfbeac5d674f9f87

SHA256
147570592e5d7dee8cde5ccb85bcd1134ff6c853fe5a05f44b707afea443c423

SHA512
a50d040fe9e3b7c80a55d016cbb5eb9c6a5126b74fb900b6324cf3f66c0154a32595a0a07d3ae96211c1abb9a66fdb56853d7582f4d17968e77ebef1b959a97e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f61d317837af517185893c6fa54c5c43

SHA1
10ead42dcd215ecb0be43c8971faf680ea24d69a

SHA256
0507587e799f2ee57146b55dff36729f15cbecafe8b0c049dcc2383557941d47

SHA512
13c8e1b045ebe482a8603651d3154f3711ce212981564ae8eabf7eb2c8bb9924b46b233df07237e26e7dfcdf265d3bbfe8b5d7e19f0326b5265f2849e9a5653c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b6760c566c11a019c829a538a111079a

SHA1
7f77d547428135fe727d7594c72ea21c94aaeff6

SHA256
312b0d5aa562fe8428bada29c276a465ccd3cedb5dbca79edb254ab8e7949d86

SHA512
38cdf46ab2fd7f8af631a290054a728fa378461730ba50980546f0f72fd9a1facbf91376c325a2900ca908bb9753f752c29c62960bc8df3eed570f81eb6006bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
1c5f7d3f141d563c7bda0d175365f61d

SHA1
7113949fcf095f5078dff6e7941d6be028b0b95c

SHA256
9b09385c2efaee88a21905788a4edd1f9dc9b39be500209ac231ba73844897f3

SHA512
2c58c6d089f6b481705e53382ec52b9eaea4f8043ff3254bdcbbfddfb622c15b56f2fc7905cd5a3142109ca0819ab3e37bcc2a888d503acb048880668c582657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
703b28cfe0634547b443afd2a7eb2fbf

SHA1
a2f648ef0decf9ef7f2d219e600c7c3d7e15b3ed

SHA256
6e17baa3960d41bec3bfef51ed75983289a2a00a2e957fa62312bbd7c550ee96

SHA512
0dbe52ef28b751328c696a3665b19ada78ec129fb9cb5bbff19d376e54eb3da026d448aca31980fad72985c9f4f2aa17795026fead572b75e331518b12354ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6be8e58fe582c72c30be760a12c5a32

SHA1
a5b424a370f8574c00f459cd3f2b235bc53fedd9

SHA256
4b240502a25c8a7133dffbfb72e98d44d497cfa114634667b42026c114ff3b1e

SHA512
c9529d88f3e27e68141e47271a2a7ae98e3f7090769696f85a8ce63f514ad027cf44ed11c2f3a9bf1c9bb9338a53857e8f3f3d75ef81a49a4a04aa98946180f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b28212c4e5bdbd1503f54fab5fa56cc6

SHA1
ab260fa5637de875f6e6c7877cb9317597145b76

SHA256
34235df0156b73e1a6de2c696d3b8c08d947c99d02b4727978b9b17c769b09a1

SHA512
c9b77c6b4bf85394f801cdb7d5204a0904b41d44910ea490bdd927bf7aca30a13d8127620820a2c1253c84136a7f72ea9250899b9ed8d3344f33e652d4a06d89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8a2f65cb4d62c0df27cc3c009a9b1255

SHA1
6bbc8d1b33c1f812466181d4b6a1e70d8410fabe

SHA256
123f0c6877a4c21709ed5fadc2d61a227af76ab4e3a30a47b9a9a82fafa8c638

SHA512
d25e372286ecf6d5a3479ec8557902d70f473e787b80ee09065dae742a30bbd230d59227a3d333180b828e0f52f7e79c9f73933227b85b78de555f4def40dfd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cef9fa0a3b38cd2a3cabf66bec799722

SHA1
9bfd20e7811bfd37234d9f706c64933ac341a9f7

SHA256
99ef21e786b2c5a8cf6231a6fa485d5ad44e8ba7ce268d5753ab7be96c3a869a

SHA512
7710da384da5d08d2bb0dcc079f9dcc7420ff72d788a52c7c59b02b57d9a2ba67a9537b139bdb5bb69bcb05c207dd82b589624523d643a974f4aef201be734d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
2b03e0493f530099ee7714387296ea1b

SHA1
3e890a8a8dcb90caccdadf02e211097c560efe2a

SHA256
2d98574299cedfb1f10ca33d4474abbb8c12e5ccb67f6cf5872b0cb451ffcca3

SHA512
fdcc3d9c7296e49aa822ecab58f9e7414b62d58fd46cf96a5b21aaf2b01396f3ca5fc04395539d8545d971d4f9a362a8e6047768cd6fb3dc4930bba58c8585e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
3e2566570cb06709f620bb79433fb128

SHA1
f7bafa6bac99a71658f3978593c064a133e5b032

SHA256
cebd37ee80c6bd8ba2458feffc5653de7c98a77d2dbaad78d9356c1aeeebcfa9

SHA512
6a9c343f1c5e3daa1c35e2636cf951ffde3f2456ade44881532562a4cc6de69eead72a87c891b21c572d386372689da5c5cf30cfdc567cd381f5896434e87d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
70KB

MD5
807dda2eb77b3df60f0d790fb1e4365e

SHA1
e313de651b857963c9ab70154b0074edb0335ef4

SHA256
75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc

SHA512
36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
768KB

MD5
c737af4cb34448dd50e5a1ba95218213

SHA1
9f4fc8832003d3c04c1cd3eb6ab20b91142b44f5

SHA256
a82751291831a0b113995a33adaea98f6eec5fa231d256cdb6ec30db7216f1fb

SHA512
0b07e31302b1017d1d2a1afe0af8bd904fb1821befe0154446187f9c7f08e21258f62fc54bd8ae92b09333bc166629b545d49655ca162832f6188751a130b06d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4506afaeb908206fd4c986b12b14b941

SHA1
b5373c5150706632e7f2d2f25aa0d1533d9677bc

SHA256
0ab00872ef9731db5823ab1e0ebce01dabd800e926ed561dd7af463111e36a7a

SHA512
5571a47d087fdbfdfdb78a60ef4287975c31426ccb1c90f7b5f2528b03842133815cf610577d31312e8ba6b0814d740ff0655972ab814598ba745e3501e98b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
5257382209061c1342bf2edf85949ca7

SHA1
de027ea45ea7d9f3cb7613f033e79749377dd0a1

SHA256
04af7918ff296a1a63ae7b4ce39a8db2841dcbb9e5a81d5fd699c6572ff4b47a

SHA512
373a19bb3ae07d47e194845fd90ec28846904686925233eb62e6d01ae9faf8fd3130e6edb3e5736e9902888b2a057ef5195f77c2ae7b1f7e5355727067fda0e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e30cff555360529510956d708e65a3e8

SHA1
7c4ddba9089b5443b5527c3cad395fe8aaf6c612

SHA256
30a975f4a157da50c608016ccb8263faa15093e7a22471f9395f02e885b512ad

SHA512
99c15bc8b7a7c37535368624c9776224c1ea58c881a2230af9e885db87bfe31ac687abdf2397efae9f9ec36f3e6bfc0c3da262482bcb5357ab293b6e963a01df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9d83827fbe6f9a9952f86222ca891841

SHA1
508e6a52c3f334f1ff9a50d880e1e8b0daa972f2

SHA256
09fd170d4e40717498e05afaad519cdb39a3dcb1fe1edf3f3b9307e537bc7942

SHA512
913b5937f6bf8adffa0b16caeec01f27c6a8f35530782fa0ef5257fbbef9da0c572ba32f19760463bdfa880c2e43a0ceaa621fb11ad3bc5025f7963c88ac7aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
531fd0a77a57c130a3af466f7e1db4ea

SHA1
7271ac78f67c24af720c507f167b25931df440f2

SHA256
a4af83a307b85f45a69da6689e31fdf5c6d3b1107b868f45f910980cdca3b031

SHA512
f1b3ae57b03af4b5bcb199c4ac2673dc0df291198115f4dfcfd61cae8a25d83c1782fe162d81f5414e39b63ba23bf4ba208370624ea88768c379964d5699a0e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7fcf7c335ade5af487fa22575a01a9e6

SHA1
e7bf08a7dbfc6f13c08378c986d736be41da1ce5

SHA256
5a46f4d600d73b15c47d646f81c3868555e54db2e0e7d8beb9384924cf25d9f9

SHA512
2a4ca68fb7a6cc6a4be571261ccb0721d4aba2726f4dfc9bb7f884a04f7e76ef7a1e557b8c289480670f069a8c352a370f8766cdb59052f90efc5e4d7421ed4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3167e58b843b2874a5df7ecfe3f792bb

SHA1
ec705dba6739a2e8ad697d0a3efd60308bd8bdb1

SHA256
dba05ace8207f53861f84fa95d81541b45212dfa04d8148b76740f63b02b830a

SHA512
3cf08c8d5ca11187d24688842f076f8f21aad5499e6e56f4ee7924cd4da7c9da2c21bfaa364a2a236e6fb7fdde9c8c374fab9fe830e9151559c575b9cb28ab93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5b6614e2e058be6709fcbb5c55d7adb7

SHA1
587ce72f6549f367643c17d4e4663877301483af

SHA256
748f6ce31b87c5211f8a694c181565ec42a06ab1621879f00fa05dcd9476311c

SHA512
560eb3bf8bbc7ea738afbcd3d522f52f94043dbeb4f66194dfe0b6c9b927b04a1b9fc1f63990a0e124ed4cdabffd80885122569e56d7e7eca80cbf1cec1e6511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a5fd370acb8cd470b93ff30d7298338a

SHA1
3c85e62050f38ea63d4d82fb334b09c1e4876e47

SHA256
5c73c2263aaef667f5b8727c57b522aaad50ff3404c5b5c7e40fd13add1daddc

SHA512
6a1f89dc4c4f4a04ea3454afbe1690bd4ef48769ecc2bb309a81bc6afe0e192edb6e6a60ea2a41d72358d05c1ba60221e416c75a3d85532880b81d06ec46fd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
608fa86ec4dfe73c308c5d5f3e603611

SHA1
f58a495060f8e0b492f3a2b457c067d7be72c94d

SHA256
6b42fbf7623f06d28836b776db3d6ca369e0e50e03daa0d4506ad7b2a0256da6

SHA512
9a5a70e6eb8e67be0291006febe20f5cb8ca5b76ad4c84d774a8f20cf884766f2f7f554e8e2838691a9699d1bae68dd0c6524e3cf3f170672c2470310df4b95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3aee76566084961c381aabd5e73dd3c4

SHA1
1f55257b33e83a67e1c3bd8becf704472b65d7e9

SHA256
543c6608d220b61832335fe26671accdac9d58f6c4263313bed6794af124350c

SHA512
456cfd15167cdd86d2c69091adf5f23590c8f20f18390f1c62daad816f63146e7b861cdb8f8e120e3959165546d32784f0d038064b9f2098095cf1bc1eaedd33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
346c7cd039911e5865b177de16ea68d4

SHA1
8cbdbf5cabb237b999ad5f2f15d5eb9c1444c9f2

SHA256
f0c75d99c9c2b3298af9e3b4dba59026561e38c32b647ebeaf8c0ef60b7f7ab7

SHA512
5984dce928cc29471c4a12dab0f7a9c9d0d30e04b88713c50b341ab9787c87843d05aff662282127505d7d2f300657039899ee3f2632c2f42cb0c553980df0ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4054071f200c84ffe2e33b845e601af6

SHA1
00ef890136bea07d6b1d3d21a03dd6c685f36345

SHA256
51c5768525cf8163b9f0386f27791fbe7c5b1c1fc760224e27f5eb17046043f2

SHA512
baf143f9cf7e5287171573e4df251e0d1eb4c7092147a91e48c8eb4897e184f1415527e50e0bc318965d78848f70cfa2931c59d6c1078f942370976de89b2b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8daa63b8e5f42f70a6f0f1e934f78586

SHA1
c23f06e24ee272a60a5ee7345e3f17ec1cfa42d2

SHA256
3707e798c062513383c8e1ef86461133da3d3f6d463b89dd9ebe0651d18217e7

SHA512
b9d0279cf2ba8ecc739079bca1590cafca887039013cbf949c56267677ce897b759d7b685951f6b5f498d266ab2aaa6bc0fa75b599561a86b68e2353b6c9ac49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bef6d3b8c331c2653b0f79e6d92b9ff6

SHA1
370b8714b0480d6152c137255f9add5843c9212c

SHA256
286bf53c1e3b89dcf0b1976592be491338e75f43648410c3f4e3d1f62f659f35

SHA512
e25eeb5f218a16b698dec2bd25a6d84a2cfdb109641b0e239ca8bf453f1cabfe26e661c32fa63b18bca92a1cf5e8f5f486c427f2a5e7b7d603017a6d3e778907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b476.TMP

Filesize
866B

MD5
dfc699509c56c50c8e518bad9576bb4a

SHA1
f91cfe7ede6eccdeaa7c901c97582eb105c75dc5

SHA256
94b4816ffd55c2db8d783f01c090e7c1ff01424bc68807462c1fc4698866c1ed

SHA512
a2560980803fd2224f968d57a197f67d77fc0c868c3ed475537def9a644fe57341db42c7f4c42c8a5e509b58d45be79f8686963128d15a8fa81e67fa10e9ae02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
698f3c58171eb5683c4d7e82573fdba5

SHA1
f2fad4896217c88e3a524de70f72bbee02f556fd

SHA256
c230dede1e8056d599ea90df010a180881958c60218b7d0334f31bca25080fbe

SHA512
fa72cc04a605b20991d03200588ab1477095dd8e81017e6e1d26e83a3d0b0a374e44acd502950faed086b0ea18f4cacc9012382d870781ea658b89f2ff5260bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bc8a3a1f0300d1f588cdc07675346a1d

SHA1
f3f98c050d3d29d7e77398a808e2e7607826543f

SHA256
a50aaefb8994c9a2c4b188ff9e8f34f016ce57bda9f26d3325cebd31d223fdfd

SHA512
0d11cb71fb065bbee83b9662acdd4437c5bab5b2edf131d9833a1709b38ff6cecb02e508de5b1fbbef7eef02c93982cae060294bb9c979d6961fab394762431e

Download Submit
C:\Users\Admin\AppData\Local\Temp\9430d6f1-a269-4590-84d1-d4ded86b6e5a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1428_1929424084\14d54b07-61a2-4cef-a853-42048f1e020c.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1428_1929424084\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
aa5df8e12b4a2e4fc4767c11ce89f94c

SHA1
fa6af5d81d7c81e35cf476b87d62a6c234e16d4a

SHA256
c712baa3a2ef576cfbafc1e333dc0a7de386b5609d1d04750a9fd68d2345d519

SHA512
2222c44be0d85696f40b6ca6ded0af780ea45c64bc070646084220551009f369c16f5d756217d1294fb7e4fd192c636f24c32fa46030c6e03ebb86e107163fe3

Download Submit