4219dd76634834119f57866c1c0d19fd37cf88d4869d5d98bdc03d69a6422bc7

Resubmissions

10-12-2024 19:55

241210-ynec6a1pdm 10

10-12-2024 19:54

241210-ymyems1pbl 10

10-12-2024 18:24

241210-w2dbxaxrbj 10

Analysis

max time kernel
89s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-12-2024 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

discord_token_grabber.pyc
Size

16KB
MD5

924ef065a5167d44170ac81a60cc6fbe
SHA1

ebfa171438758dd9810369d3077f618bfab5bc09
SHA256

78a36fae762432c89f4c0b185e5c227144817199dbde90d16749c6bfc0fb1dd1
SHA512

15a2144fe6e0e081856fd875bcbb239a83da115dce2cda1924f71cfc401f13f681d5047cb80b40cdcdcb617c12d9c12f7bfdc15d38177ace8685c59bb631afdc
SSDEEP

192:bIqqTmuEWauge+M6DA8AYv++JDcNQshU8En5W4NXOYd/G7XW:+9avP588A+DDWRm5FOUG7XW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133783341723817427"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
5092	msedge.exe
5092	msedge.exe
3464	msedge.exe
3464	msedge.exe
5708	identity_helper.exe
5708	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3824	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 3800	4812	chrome.exe	87
PID 4812 wrote to memory of 3800	4812	chrome.exe	87
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 2304	4812	chrome.exe	88
PID 4812 wrote to memory of 4004	4812	chrome.exe	89
PID 4812 wrote to memory of 4004	4812	chrome.exe	89
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90
PID 4812 wrote to memory of 4924	4812	chrome.exe	90

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc
1⤵
- Modifies registry class
PID:1088

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc1ca4cc40,0x7ffc1ca4cc4c,0x7ffc1ca4cc58
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1984,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2020 /prefetch:3
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2300 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3328,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4544,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5108,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4788,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5320,i,1422507887252923822,17215857066290634670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4920

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2400

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc09eb46f8,0x7ffc09eb4708,0x7ffc09eb4718
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12900406884228275954,7035160923282350457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6302672d823302cfcb81b9c2827775a3

SHA1
35092253528315ea601e1545f4cdeaff6d6bf1f1

SHA256
316b0b8be76510816778dd84cddae6aefc9d263da4081c18bf5a85e8a60d4660

SHA512
b5493a27eb189961eae7308f543758779fb58057e2c33d3ee860cfdb140f4eaaacb516aa1ca2ff67f815f3f9502614d98c77c8510d7a52e95c1e379840f7fadf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4a69537828f8541917a10102bebd2d9b

SHA1
97596e4dc0620656a4f3c152668d541e35e3a25b

SHA256
6e3544fc357f7f14d1ecf81091a6afc99664d776b67c3f1334eb5f2d482c97d8

SHA512
cc1f8f426697ede417dbd34403b54e157ae9a700c72b1db1e4d8c7d613c89bbb70df0ca9613186ec1fb56ea009ff48d41fbf99e005f76cb1d6f68395ba1f1ea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
335c16a06e32272d78aa0ef372f89a92

SHA1
35fa1badf43192bbcddb7c0c2dff8d49fdad6bf7

SHA256
3d9cdf397025e51eae0b113ad2b211fff61e262b8d81dde8d67acfb592036ea2

SHA512
fe82f98637cf096973c6db4c6a6138ca84c4cef2f68cd01715a1cf192e875ef20a59ad9906716b0d41b7b13cfc4b55bd2ffdc9917f4c9450f611bbb73d902f26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8893694cce109535175a05468f6d4ade

SHA1
af80aa16be188a09956497fb7fa4e08cf218012f

SHA256
60ebb0ba54a3855b4d1203f32d90b658966fc172741b39419a887674dc35d7c7

SHA512
920ff1c5202aba0cbbf6260ec54ae365900c7c3460940dd5fd3224a1f8e99cea1887463be18a726131a535191659159d4e91b65695b27fff9e603573393e9a83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3569fc25802ed32e64c89c48e2828d4e

SHA1
b4bf9577f0f61562e1f2d36979947cfbf7dc0292

SHA256
96b944e4af969cbe71407687f026d5ade25dfb351b3a6d4729f4722bafe55f05

SHA512
cee4d7c822eb5dfcb4b7eee83e608ae6d92dc877e3d1f902bdb50e44d73d345201134909a209b70fe7e6ed75c9322b67c78af43e23405138e577b1fe2e68beb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fecfa3ca863cf67e4f055b22b564cb6f

SHA1
e825439f4a9f1d0049d95b263e57c9e54ea951a3

SHA256
1b09f6002d3f87b0e7ffd62f0b3af46721d57d1b110fe4a12692e9a947a8fb49

SHA512
1ccf9f209654f00d5e18073b4558067c349b5e6aa3dd3be54f244918e5954dac1ca596a04da1351a456d7e7c48b451d819ee0e460744a3e7df932967f2c38ab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
612af1667a6e60389d81e54fbb0f537b

SHA1
3f2ea92fec3326c1bf03e69056227cd4846ba665

SHA256
8cb67899aa94a2747da69c6c829c4c7d1d7d6d43e16bc95b54a49bd5cd21fb1d

SHA512
e96dcb6f0915a542676868227692260ddc95c6bd134ce16153b772e0121a1c1b494f8b96046b091c714dd1785f949fe75b94c59469860520d0c4468c790b64eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9404890cb8cfc9d963b814ebd21b812

SHA1
92da91ac689ad7fce65244b34948035b9d9b9a65

SHA256
92b5fdccb787d3c1d11474c6f73c5788b7aa73b5e001501cdf36fa371075d8ea

SHA512
8a339e16330e03b2a7df124a02d265a3c000b56b8bd2ecbe75da9383f7183b97b9c2baa6736b516fa26bfaa6daa2b1859970172d5ca43535ec2374320ccc2cc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6e90766782c89e50b4c13624851d62f

SHA1
9b1ba27f6489b68c4fd6441478be69c5e8b96175

SHA256
5925dc26533b66a1a55878e6bf4c052b2fd4e8a91582d1580360f0218b04b5e2

SHA512
03f23191fd7837bdb9496a9d90b961cea967366ced9ffdea231b86a3c17fb18360e715745c6fcc5b8157d8ee2c3c800bca49d8c3f72823929af9d37d2262131b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29b966bc49ff698987446cfd7b15118d

SHA1
ae723f363bb6e436a152da9365b0d8d3852d4eb2

SHA256
e8137a7e5b760fa939cc44178f6b17b8e910d058b11498211fcbba8924ad9b75

SHA512
f8e29cdf9c761285dccff415c922b8e37c98d2e8608ea048acd00766c6811788246cbbc69714c7ca09dc2d4b0c66b4ded4dedb9c57d8bb8f9ec1c8026ea70fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
12e9cd3b1a532656261eec09eeaca62f

SHA1
4e1704c93fc39d9811affce51ad0be1d66248331

SHA256
69fcca37f9f1d1d52fef7bda3eeee34688c4f18cfece593bc80959afe9b85e2d

SHA512
e7e69c98bed503796af5ac7001e98b269c33a31215c282ad939426edb106ed900f61572405c7aeb13b51787fafc70825b2a968c13a64aa407e7bbf01d2838cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
481cebcd67048c56d158ac49b6892ee9

SHA1
9570eb199669a7c6c9686553b87c203dd7e7e919

SHA256
fb24d62f2c973ba443bdc548d684e9b66a91b737ffbac6e0906027a7e7b31337

SHA512
67cea557548379e957aebc83f05193aa5329a3267f6e82974a5aecb8e5aa2bef96f09804bd40d7f3d855e31379ea10169f77fd76cb7942c10c10041373d2a76a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
9f3d75e835f66f7d4ae4d6d220f638e8

SHA1
7a7cc78686838cb4276797f4a18aa8c2de749e86

SHA256
045c0dbb39de18f49c4c2ea99bea1e3592fbc6f5f854cc08b197965094413ce9

SHA512
367cb0b00f09f07aa7067600cead068248e4081e5cc74a16a30106ec93c89c1241cc8fd0fe343f5a22c61ed63aff28c20f91ae651d0b6fc3f2dc7c5343d78619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
6ebfd5b81b157a3ffb15781b1d7b53fb

SHA1
25ba79bd633c2b2501edc773c56ad5ec6fea9edb

SHA256
d4a935f1894d05c7f24bd88348e897e794c9cfa8fc422aa79404c09a818c47c4

SHA512
a84ceccff5933686d997aa37c94fd9945984271260f57e301c4978adf2ff8fde1c8ed619b8c0cb7c2d3e52a4d19ca2eadfc1a9532ce165b38db9728a5cecdf3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
fea8599de57d01aca7f759c191883946

SHA1
6e2696483e7f272ffc75eaef852ba0253c1ef4a1

SHA256
8a1711bf31ad6b099c54e0f35dc3d6f9c89385394909ecb696cea3c572cda7c4

SHA512
bb991241ad576483c58ed4656fcb11750126ee730c61002edfa8b7cd53f4ae5aedcfdfd059209e46247a92aa8806c78e041bd9b1e0dd5882f72431040b36048f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1281e060cbc61495614d988686523830

SHA1
33cf894560a32b7e9703198cb481a554df9a7d64

SHA256
19be09d10a51bb213d81ba1f74ef77354dbb10180779fdd9eb78102d1505fc7a

SHA512
3492bffa4097abf331852a841629e3e1e6a0d9b7b12e25fc47543f111be2f26cd86ed0ba641762ca930db93460b5a264986f3062d57f3e87fcbaf11ff64e3992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d60b47e6739c17b7b0eff9d0450ea019

SHA1
f2fea44b3c20f585daf3d319877bfe5797d81c53

SHA256
8658cec4dd4c919be0ffca87e26e2ccfa0858f2fa936be179c5ef3d42b8ae697

SHA512
2bd7926f9492a6ddb782c906cdeb84ab477db2cf85fe16fc52f1e128b50b8a0c22141ac3b2ba3bb05ad92f938a5403184b62ab1e2b939c391ee332dfec1ef163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f88c886fa3da53f0173738e7ce80ce32

SHA1
986d27e3662f6aaed00c959fbe2196b574c90a72

SHA256
e631474fb02c83a8bbe3031b362de58067c9f13a820fadf275d873e64bf185b7

SHA512
b88941ad31429edceda8f4f7f0b6b13edcd54e722b14f490e6e4b3d8de084419398cdd37800187f684b51b0f6df9ebf299e37f338d8f21e6e9d3e663a6136431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f6b3f516e5ea251ff01df915394b0f99

SHA1
0532632d008247055479cb60e658a05d7ec725dd

SHA256
547b4a7a231cb8027ef545ebad3f49fc64dd016f9851b5437d1ed6327fb66348

SHA512
72a22a31e3bb8de49fcca23f5a286f94bb531b76f68f0e632ef20f75012e12256b17923da6873098f072f99278810989d35892a5d3017f60b30f9df4949e3880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd9dea6affc732e0b688781ed562f554

SHA1
abc51011639ad695c86453ece9e6989ea1ca5abf

SHA256
bc787e6bde597dd21ed33f90a8104434689fe21e855f712bcb3fe6f130020ee3

SHA512
7231d339b64cb65db504a5d4086b453ef1bf4c972cc094d6fbc69defc4b8f5d76328b0c663d4fcbd893ecc8f8b39c6c1c63c4a0e689f6f409548198c15a7b012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7ba051df8e6ea87e9afcda45f3047319

SHA1
68404f970557b666b0c9c4e178ebbd9fa5ba9f39

SHA256
9e18bafbc7cf64486ce027c3c7f8a387346c0a69f12d756d6bb1d03542fdef0b

SHA512
f602c15aad402664d782815622f3bb781075eabf737e2e3ceed9acf2a4798ed4bbe3c47576558f9e1d642c1cdf5dc57730177416ad63b0420a5cf91ecaf7d510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58895f.TMP

Filesize
873B

MD5
0736f4ff3da973a6c934af26d107b7ca

SHA1
fe71e124b0c1564ccbd2dfb0baa0825ebccf9481

SHA256
c52217e79e4e142c82c86d67803cf42de0ce710257446c93641dac594ac476da

SHA512
aac256b587081779661f6e4a91c2067daa31f04c39586fa91c2a97006d10ac905d2cdac4061a262c16608c36b5ba130ef18116ad970c2700be0b34fed813104b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\df0d3595-acc0-499b-b1d5-3369f52f1003.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
638e628fd18f8ad11e34b56f8b9d57ba

SHA1
bfc2dd9f480b2c2f0cb59fa128ce4e4893905899

SHA256
6087530f33ce8d065e77bdeff36f9d3a0eae758154ef1c8f4d0ce5bd8da3fd6f

SHA512
28859af25e6e5af10b931e9c2083169d45be7d44e6e5030c03a9849ceaa3d3c4cdb7ca0f2f6dbc0bc9b771e72d29699d15e10349805140b350f252e1a6e6063f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4812_785129634\476cb75e-671f-4145-ada8-0950f9c1d2de.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4812_785129634\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit