hxxp://Google[.]com

Resubmissions

23-12-2024 16:10

241223-tmtdgavjal 5

23-12-2024 16:06

241223-tkkcsatrej 5

Analysis

max time kernel
195s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794436536238935"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
4208	msedge.exe
4208	msedge.exe
976	msedge.exe
976	msedge.exe
5652	chrome.exe
5652	chrome.exe
5652	chrome.exe
5652	chrome.exe
5480	identity_helper.exe
5480	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 964	2356	chrome.exe	85
PID 2356 wrote to memory of 964	2356	chrome.exe	85
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 2184	2356	chrome.exe	86
PID 2356 wrote to memory of 5076	2356	chrome.exe	87
PID 2356 wrote to memory of 5076	2356	chrome.exe	87
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88
PID 2356 wrote to memory of 1488	2356	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8cde2cc40,0x7ff8cde2cc4c,0x7ff8cde2cc58
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,12554363658385625251,9063989951480760046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1844,i,12554363658385625251,9063989951480760046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2552 /prefetch:3
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1828,i,12554363658385625251,9063989951480760046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3020,i,12554363658385625251,9063989951480760046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,12554363658385625251,9063989951480760046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3676,i,12554363658385625251,9063989951480760046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4596,i,12554363658385625251,9063989951480760046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4904,i,12554363658385625251,9063989951480760046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5184,i,12554363658385625251,9063989951480760046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5204,i,12554363658385625251,9063989951480760046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4856,i,12554363658385625251,9063989951480760046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5652

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8baea46f8,0x7ff8baea4708,0x7ff8baea4718
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12375704459908750843,12135410100589309654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
eb099056b032810014acfe5e06691530

SHA1
e8fc90a10807c43f8daa593802ecbcd433d4eb85

SHA256
e47db759f0f49ae0776d3074d7474cf43ba5e34bd71854d912ff03d911a1784d

SHA512
4b448407391ef1974437a53c652f530ab433fc8c568cc57cf312b2fb7b38e7c578073fba3bf251c9f37439f182a9728102ca1fc807fdbe800cfd566e366f5444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
98666084700ea76a889eba47e874e74d

SHA1
1a705dfd9f02b7a11ee224d85e9d41cb2a197747

SHA256
d298d59649a60974b60a5ffa15e6f414903fdf51e970b16b6aa64e6b88fc63c7

SHA512
76dbb3b54c5454480ae88a645a135c6ccdb449bf0af887243852318225a4a1c6f97259b4e01da3a591058e903bb8a2f654334c9a155bb55934e8d2d41bfe9e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b9deda2f95ede44a2888ac33922274c2

SHA1
42f1b34b74b850d03f1376a6699b74fd988ea8e4

SHA256
748c5db7f12500f03b876b359a0d64ab38f80dc1fc42a1dfe33ac7425157cec9

SHA512
4605a5fc03245b8ac829a47e1c1c90ac7264408c1e81dbe5c3b06e795f6cf7b99b7d5c27ae45f8bc4065de5f308931a033008780eb1bdda93ff93714b0b4b388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
aa46b2637d1a0591f0ed5ae961498d75

SHA1
4f4975fef4cde2be38d7f4754b7a86c0ac64fb21

SHA256
d440ce555a316dc233c89880c504ab39823a288b366c05745c60bb557f850a19

SHA512
6428154bd5d0ed79d09666f5323d495552e0eda491d237c7beb333cf618e1f7146f76c027ca0d0b0f0e54f03b266cc0502ce6900b59dc84115ad424bf4c02295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cf4a6142addde3a9cf2b7e83462b88c7

SHA1
d6560e183438457aeef119a0b94653241d11b406

SHA256
53ee5f04c61716a713ea6ad2db78d7762f2595662e45ee36690c36039df537fd

SHA512
35b33d1a6286d20647a28c42edf8100dd93addd8156ada4eb1b20c331ffc0eb6cf11c545e285853f60e9be2867379e3b08a0ba1466437bb8c8596aee20b60ce4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4efd40600e533b9e33e01ee019e0668a

SHA1
16d3effb1814b0ea8b31f293f07ce7a7b41a1a65

SHA256
e7dfc1a36de7265eb62661dfa62546ffd4b67901fc7c2247c42dbfd483171369

SHA512
3141cb2f7ea41e8e9532286e518a397e6ecfe1fc1ab3b8c9585402f4663b490fe1ca7ba6f8902c9d89b6e3e48374963f5e53e20cf69d0cbcc16de55cbb556bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
05f80643ed354fba53c0b0a3ae616028

SHA1
bf8e5479b33f0dbfbd6f6574e07167e3e43ba84e

SHA256
09904adf80d06fc6bad2312d7dd79b90ec7417f922ca2fffa53932c375a8d272

SHA512
75e49ef1eb5516a43fcc308ffe2953c55732cc42992f2ba728141c7ffe1ce169ce9d5694a6e1ccf422f18b1603c6b994ad046527a39e4df2472ad5d43535a749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
376d1d391ea0b3d702e1a124d1852321

SHA1
c726e0905d2da1ca939c65e2685a0b9274723656

SHA256
226fc122c066a82777949a212200dbf9e539e93398678c3753cf0b5aedbb527a

SHA512
b20ad6f28600cd223a3aa345e69b2d36da21386e53d2e2234d22856c4f2a23ee5848104bc4d07dc39627e6128feb9f58fbb9f744937590261f3ef5a33e78beff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24896cb0d44201b4df9f8c14d5956d99

SHA1
ee10aa9d712accbb714a64650de548a5fa1bfa78

SHA256
2238401bf57b750960f0048d20ca20b17fbfc4ccb30aaf3809a55510b20512d4

SHA512
97a032e31fb7303938feecf4add9352579782569c235ab170affd8e327a120c901ec4a7ce3183c5856edc685c9085ccc8a83c026f529d2703cb009291a565c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19e0c25150b6f087ce78fffae0fca4ce

SHA1
a4ddf1aeb7c82dff703847688b27e3e1d24ec79d

SHA256
aa1cad2fff9c6ee77113917c22ef641955a18929f8121304595e8a674315bce0

SHA512
078c18cdb2f7f0b2f0ac21a38824fe7c95e8b7cf5587f01fba7258640a71238b724593afb7c92b494ddc71e905402e58d5cee1242978d40d07f57d63bef6c9f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
001564280f0b4cf800b759b1dd3923bd

SHA1
f019c509623ecbcaf38046f3698037b6c1b1250f

SHA256
f80756cc7b7bde6aa6ef82f63f808ce7254a8740582652a9f5d6bbd479950431

SHA512
ac95cbce95c2803d60fd3fef2af8898835f06038aec95db65249ebf26b20d49253a3958c2a35a46a612c92ec855f45a420ff3bee40adad52d56f043c6278f0b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76e4dbd1a2d99df187e0b474a51ff0b7

SHA1
7ff99a2e9be2a003c0f657291483699b0356e8b6

SHA256
194ab755d55981ab51e1a3b514d9c129e69642189bd72af0177e3dedf252bfa5

SHA512
72b13ccc7da199fd2eb8c00c31c3e60efe59eec4b9159c3d8dc54fc115cf909a8e29afe7ed5f0a7503a24e057fd5ae4502c5a0e28b00ef5167f9797238824867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f2d511c0d1b37f0edcc8e86d1346ceee

SHA1
bab25fd37ef5631f61672325b5cb9f076e9e8f88

SHA256
2a20af1fe02e743e4d7fe144b98a04712bf3f9e3d64323fe30777672a2d438b7

SHA512
6e880d9af9d64a743b6cbe01df664733daed2131951abde4488ddbae22d6714e988f7df2e4ab554ad041f952a078f9d1863a36f9be8147f769b2c1a9bb2c3ada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d1b77f01edf62fd6c5c9f28b7c2322a6

SHA1
c36ec2e30487808ac626941caa409731939fc44a

SHA256
84f3b84357fc887ec14df78a8243227e106f5e9c1597f27403003eecf3071507

SHA512
787d09122bfd46bdff7e367d22ff022b2adfee2ca7d15b19962ae3a6a9065ab26136802b5b414dc44bba2b5e178735311ce70d3d134664d9cb5f9d759ed384d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c5c7c91b30f3942b8b15c7d8cefa9608

SHA1
c5e3a7f9b9b682e5bfbc3737f9c1b1d100ab24f5

SHA256
863784f11b71d6a5fc9a1c852d73ae32b0c5092aff1909bf5579b32dfa0e2d55

SHA512
e5cd952e71b3b66d87bdc744fd77db509e69ba5b4898384da2a7876c23ac6654e32b3fb8fd293a4188f71dbe1bef16a26012de40d57c935065a0a6bbca7301f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87d9057d8b974f30b9be7535a7fe072e

SHA1
018c883f9e8350b5268af048ed6a4c5ee892fb24

SHA256
4dad2d045f1d6c047fa44708d0918b154c07c78652a1515542ce4328e40b9cfa

SHA512
1250485c42f509f7e1483b2770879c799fa872e310d0ecfb894c4f4046d05ab222323090572cd58e99435775bc4b52bba90c9427fc8122fffc7027282d3d19a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
52ed63124113878e08c66a20bc5fabd9

SHA1
d82716da33f7de9872f5408261b612b8fe0f9f57

SHA256
c95e712f56e54f9fbf165660e938547c8e97bb7eb2182f0f8c06de2e60f4931c

SHA512
370b3bd08b80262c7dafc603223562bad44508de673551faec22db38ecb664d277aae1b640738f6652cf05d5b28613e584adc0742b960922d588f1da5a128096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce052665f2c780f98715e4da83bc1788

SHA1
59d0ebb63337a62aeaba46591907ee373817e345

SHA256
39bb90cc57218446435dd5b94ab94d8da685ae7b988bf94a7a60012770429126

SHA512
74fb07d6b7425b7a7c6ea1d5a9fdd700ac9f40738b441eab3963a261e73fbae3353dec8dad8ecde564ab0274c0633a966255e743b863a3fc47a4baaebd07c2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e7108b12bed90b9ea227234da1624f0

SHA1
fcd59a5ce51aaed56df0a07948009ed5b73ba4be

SHA256
f4c61a5ec8e79076a2fddd7f1e7a04f4109bac6d5086ccbf31a8d898e5b3d00d

SHA512
9ba46e640687e3290b82be8938a7645d275ad5cb2944629bf5dbf7a414e8970f95cb777e61235842084b6a901e1e286d62e3bd248cb34c290fcf2eb44f034f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
64ebcb79ea861923ffae6c85dc51ea92

SHA1
32aa1559c9ad9b13e0fd8a4ad01c217820b8acbc

SHA256
b46e40776262c5bfecaa8b3d93ea30be52eb9a61d9f738a55b0be5b96f0a7c0d

SHA512
fde57e36bb8bea9832eb3fef34274161ddba34d76f6fb6180ba2d8b384bbd5b3a464ed4131074a71a0b124506728028510cae01e670725c62e00634a04b9775d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e759879173f02fb25a4344fca66d0b00

SHA1
e700c28c8a93ba8788fc3675dadbe8e77141993e

SHA256
4631f34aa1564bcf9e20a86572aed25d67deba358e01c068c338f477d927bd42

SHA512
a4055df8bb394745011ebd003d870c82aea409c72b4f5bf9f810c8db512be805a245cb87e61f5d8f109b05866cd26613812dc9d3a5c03cd42d2d104f28c8e7c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a3ec4b1da206139fcc22fcb615a063bf

SHA1
cafdd81e3718cfccaea8f3837e2fb5742e2debff

SHA256
79e034c4cdfb6f05d70efa7012ce229590c1eab9de403a888f01499b2df2ce4f

SHA512
4fd137b107b242b295b649b4bc4cb341c8b8832cfb847dbc8a9782690298e7c3ed112316ddea8201bc376c6b2cb3d72d9e1be4db55b0260f28a106be56f1779a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
2a9cd16ade2552c20d5320757c74171b

SHA1
c2916aea945a545183c63d2af87b9adbc089ced7

SHA256
cf7ed1330036bd41fa0aa6b6574767465959d968835993fae5b672fa0a6cda7e

SHA512
ecc94a97c109e2e8a806d3ac8b84a89d2157e19438b8807a2cb632bf433b4101aad49e44e96e72288ab0d25f2e36824ffc12aef41b22ecc00a3f155b82f18db5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
17KB

MD5
a421438ebae11fcb4808982f78536c8e

SHA1
cb3287d6dc2557343cc2e4723f6bb5e5534ab075

SHA256
8d40f05f3d7b0c08cc959534185a4ec52963c06322e7c31dbf90266d9a0c6bfc

SHA512
5f6e88895377f671f867464313290d9cea0ccf4377ed74153c3fa745456ac35f9686fcf0a2e9643316c60f5bb677dfabe1ff408a56318c48e0f7853954abfe1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
216KB

MD5
60f3ab1dc0a84cf62f6d7c533345ff78

SHA1
68bd632dc672aec73c776b3c49322ac902e97516

SHA256
fe3fb6603c5f71392831a1b000179497379624f33a652b74a2ae7afa545cd942

SHA512
fcf4d20a55afebf404d04d2fef682865ddb85c26752786722e2193a37670022791f87426f3d9264e6a012ee72585cca1a3433e0c65ff75f4ba6c07ab4c288ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
205KB

MD5
c9c9e7a0321c20a8faea53cb744f62a5

SHA1
a4f7964d6df916c63bc019879e15dfd8a010c9e8

SHA256
9dc45a4308a94cc765a3fe2409e6998871eadf786e01bd0fdcbc5e354ced331d

SHA512
12bfb41ca0dffe67448d2ca50e44432d60f150b588e168efcebe37ce4f030da3161936d443735587b9833eaf506d6448bce92985c16456caa6b2b94b48b7896e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
22KB

MD5
9d53309ac2415ed6efe77b43a5a2b2b6

SHA1
31d26e32f551242c037116da7fe1f039bd1c4b41

SHA256
31e667f7d809056c4199b4204f46dbc6cd118a97530308229bbb9d450c42f89f

SHA512
25510c4cd3ac3388a1c91b5011e12a34c409f272d8f7fbec1a89cbff45f2553f7061c1f63d1a2c06f8773b885bcabd9c96501434b8905778132fffef80989476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
66KB

MD5
100655c23b1e2cbdadf8919bf6f14f50

SHA1
1b535aa013148bcf8dbae70f31064ed03380f97b

SHA256
9de4c1063286a2bcfe2c2b232e45bd8947e70d941f4685a50fd9d99cc6b74fe9

SHA512
9904ae2ea00d092f4d2cad4969d26e08b1840373e6869b358f11686d109b09eebe25fbb6a45671a918e1be53130a4ca20cb5e217348a855811cc4fdc32808f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
171KB

MD5
5e54d2b12c7935c52fd05e45837ce134

SHA1
191365e57dda9439be5fc2a8422f34041fa2737f

SHA256
89885fb85c2e5b448d5cb074c5488835733bba49ef32e794c2a40204316d1808

SHA512
68a28b17d6af71b5c1c3fedf947462919fdf2ee5a7f1a3505d8872f9f1cf4bdd314439ada18219a36690eca18fbd1b04bb48e0f7ffafb1678dc6b3e7634b75ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
17KB

MD5
c4d9e02f4affab9323225f1e50118b3d

SHA1
de03c94e42cd476c1117a8e3370966a4af073f13

SHA256
a2adf507c3e5446ea0ccff13ebfd4bcc369e1c1c0cc28077eab2dbc6b272ade6

SHA512
c050b1cfd2686e0be70f54a59d8666369b8d41785ad0c6c79581f8fb4b3dc4f998eade5a0811eefef3162589c9a7446f9f2f3eb3933fe8a63068610ed1a34def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
69e1be55bcd52b0108b084d0478d2c64

SHA1
2365eeaa5545f10f3f7e993253af3628b401147e

SHA256
4f948ec8b2c3c8c163d683ad9939d898de45f3a816b11d34db21d270bd05eada

SHA512
d300fadb53fb9b9e1da50382537e21b4ef57e89e2da98f902f6fbb06b7916836cd66882163d190d10612ee1e01e4031c9120a812a62739ffe3dd9e3c049bda17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cf52448906d181ee8b8266ae725c2308

SHA1
0ad2c5b6950493fffbba0dfcb272bc7e92c107e2

SHA256
ee1ae1e816dad254891ad95092965892a436f9cc666563636c1c8e614f2da506

SHA512
1b3ef531addb174229683c237f17c650d075970b9f427a63abcb31912bd8abf627b4710c64e8882ab2a771453c2da14a43cb7a96eafb06e8764c4d2a28608c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c2fa7e6745abc2350e1091cf7dbdd89b

SHA1
10d4dbcc9eb284101ab93bac1b718fe9da2e24eb

SHA256
7fb2a939ecec7723f2c9ea615f4844ec1138b6144c5191270c1f7cf022bc7457

SHA512
c2432a2c516045895eb4d1d79fd0c8a25c1680b99e13614d0ca843cbaebec52f34c21962488748c1621ac178e288e20ab35715a3bbacd5f6013e0dbc53e9065f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dfae24bd8024313257b04866a3fbb5bb

SHA1
e8e85ee2231a0c509b401698ead2218863257dba

SHA256
0f5967b4cb0b64b2d2a568e6592742d023f26f472f0e5abc35a080524436b2f0

SHA512
720433df6e05c277f249145d3cf2a1198be15abd499e3de93e0d6629838b87a90b8c581a3c24d3734831fdc9d94f599bbb71e676a523cc29423e825d82964673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ffc61c534e2db0dac3b84861d95eaf7

SHA1
ba77158c1b7fd3a3002be414f81a66232e9cac1e

SHA256
55694c2df4c1934f598d5d241687980983ccdda8fc02e9cd16e705a3fc78db1f

SHA512
d883719cc218745a864940bc393471497b78aa0230675ff5c2a12d32576cb1f68e85d864846925851133cfcedc0f5c3bd15acd8b5dcea896853198fc4c6e85aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a7166bdf17723228143b99554d0e358

SHA1
759614bf3c27a6add8c34600c11c5ce40be63868

SHA256
dd7b65e30cd3ce041436476abe571fd8130a0b829f569fd5c465718ae45792bb

SHA512
2cd47c5370b257230f729f6e667548a544cb82880a0d480299cc710497ddecd834596e3eb03770374e7f21a00cba058bdc147cd8cd6355dfa1a1e53c900ab116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5530c2c1d53fa618ece3b4272ae70c1a

SHA1
52000d1db781d9f15daff03b503a79ea03589996

SHA256
998ae3cb317d143138cc216d718c6b997a2560d9e4ab0f5a165f4d53ec3fc56d

SHA512
86fd8b3d6ae399c411c79ae7112232d17499a34b5fd8662285a285ca8b05228809019f6d2e016c2f53cb7666edba17128688537a85459b13d9f6f11f774f879b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
79d315d30a4c79e18c692c0e313ec777

SHA1
5cb8ee082f5391ae975841feebb68345f359cd8a

SHA256
d3a534e55e4dc8a569346f903ba8f046beba206275ed489bb6c0afce4ab606d2

SHA512
a6369d3e182ca369af10508b2b2a59fd07378f39131042fdd06acb9e90ed0a3bf44839405aa3415fc3fd630043ecdd24dc9368de66c299c718afc99763f77d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
91366476af71ed92c880b573ae5a5e16

SHA1
1f682e76a2bc013d6facc8b461454e6221bb7ee6

SHA256
876edadfb9f6540ddf6eac4e1f0dfbc064a4fa7d192ac3577a489e1e85a26ad6

SHA512
efb801967b01a3f3e26a32f0a3580e96cd4425976e96f05d918ddcb9b151a98a2bdde067a2197cf889ff1cca32829b12697dedef9a981e0a2e28fc8f835598ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd50cc26bdd2dfe72fea417beacb6e2c

SHA1
f556f42112ca7ec0f3056310bb1ede88599fde73

SHA256
42a1612da1caccccffdfe387a3713ef37cda774960c89607e9f47bc8bc31b9be

SHA512
1580c3ca162d08fc76fbb389f74151b2d0e18f1327e48b0ddea0f0f2c9976a013a6fe1089d1de0940c3a7ddd2884caa2904e9b0678e9bd22c6802efed021edd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c23be91c3986de2f4df04c0755f2f21

SHA1
15dca06610d99ab0b4acdc4da339da6616c3b991

SHA256
26cead47b23141679bf5a9e3825457cb0850d3fc1ad6a71909ea8ab0099b98ad

SHA512
e385f48c0365f08f747215972f4822e65e2f6d8526b6ee5371413890723ad9176c3dcf1b5360720a97b53a054edd976f15e1879bf5878a6e7b39f6ef44514b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599996.TMP

Filesize
1KB

MD5
597238a0799693d60d3a06241d9904aa

SHA1
6810207f8b389818f269a2cd77ad862b357bf330

SHA256
c0a852a030ee6047a07dd0d4b152c42928f5d46868e51207e8d8a8a09e3b8cfa

SHA512
0edbb1adc761133254b97c7be32fbe471abf83d5e0dd06ede5fbef1551e6692a73a818d343618afc716a5fab63e35a2a9bff0dfea6f7b7dbb164b07f91cb2b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
873672013ccf7331f7b124a533ec65f4

SHA1
ec9030eaf3c8a564c047f0033dc784e722bc68ec

SHA256
73d8161f4099485fbfd8aa26b7c6e41683fd1ead3dafde76cdb8106288efbc3a

SHA512
3e8eb382f4766fdec8d3a5a81263b5e34555057895d44db5c9df09ea7b7297011dab27bf91ba23063a2eb30a3127ceff82aa495f54a838128124a52284e2f41f

Download Submit