hxxps://malwarewatch[.]org

max time kernel
144s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
08-01-2025 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://malwarewatch.org

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808351590775565"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1464	msedge.exe
1464	msedge.exe
892	msedge.exe
892	msedge.exe
1576	identity_helper.exe
1576	identity_helper.exe
2164	msedge.exe
2164	msedge.exe
2236	chrome.exe
2236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe
Token: SeShutdownPrivilege	2236	chrome.exe
Token: SeCreatePagefilePrivilege	2236	chrome.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 892 wrote to memory of 1600	892	msedge.exe	77
PID 892 wrote to memory of 1600	892	msedge.exe	77
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 4368	892	msedge.exe	78
PID 892 wrote to memory of 1464	892	msedge.exe	79
PID 892 wrote to memory of 1464	892	msedge.exe	79
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80
PID 892 wrote to memory of 3584	892	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://malwarewatch.org
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a8e43cb8,0x7ff9a8e43cc8,0x7ff9a8e43cd8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2384 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9153904757939004371,10880176468616661797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a5b0cc40,0x7ff9a5b0cc4c,0x7ff9a5b0cc58
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1792,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1928 /prefetch:3
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5140,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3588 /prefetch:2
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5296,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3344,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3668,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3460,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4284 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3284,i,5643098966087363229,16688020569114127851,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:4340

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
da872a280e707e7342dec272dd7d9a85

SHA1
8a07bd47954835113e8a07086cc38e7a43d1ace8

SHA256
fc355279e88ee0c40cd089f1fd308f30ead1cf7ba9f74b968aa2315fc8908950

SHA512
a5258fd6cee1325debd82d53e6658aba2464ca93d5710931f5e4cea5fb871a33b93c475d56118a7f4a263a7bc8c2b4acb5ddaa88131f6b418b3cbc8a3f2f8feb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
9c11113336c855fae86401b7b6bf01a2

SHA1
b2757132e6d2f8994db1ccae8302ca8dec11ad11

SHA256
967776880fd2e03c3a5be80f2eeed71e6a5d9d5f258f6015f4286874b65fce7d

SHA512
985a89d62d2559f29e98874a20363883ae1f767d0ae18d48e9ee523db57b9c515b1d70bbbc0a2fb0222aa510db58bfbd8d8bd70b9f217896504d03af540d5e1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
22a9b374e841c30856401383d66cdc7b

SHA1
5df91ed29a190f3e0fb019a7b1982a3962b570f7

SHA256
90ef4baf3e05b364b7ce03447a4062d158ef16e5e920fa790234c090b148a1f3

SHA512
02bbba7d7e3487b218548d333c88067e23d7c0753e0621f48ccc30c9f5f6acbb8a925966b76377a1c513ae884d50aaad0d57af22d3bbd3b0a306f1ab722fcbd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c3fa8e1a3113c0346bee1c16bef6eef

SHA1
07a10d271121815ad99da90bffb64973267166a9

SHA256
7525bf81d24ceed4e574a2e77a8533a397d1e9df93beb71b83d84f78f0662252

SHA512
1648a3d7e2699165e7caaef771adb9593ca9c12352ab8710d148d4071b94a964fd8e26508f0f610c55ae77e3c73c1e8be0478b6afa346067d8431a37a8a8a884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2bc13a12e74658fcf24db9752f869b9f

SHA1
2e8ceaeda66d6c1838edb14c052ef8ee4abaecd9

SHA256
5d0851b23bb95c4ba22f39cca85a87a6373c0cd1bb49ab613b2aca9b1a80e6af

SHA512
519abfe3961d69df5f4d4b741189548ce1fe8be45284d9f54aa3a0fc0fd383291f64a1d004f8cfc792064aee1d5478942795adde737235a75988645b309d1fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6ae3b6bd4b0b89c7abcd2b8f8dc1a42f

SHA1
6007e628acb0dfb5aba5c5fb9dada957ebe0f50f

SHA256
b23da0c5084979d05db6e631d9a56781766cd509b1be865cec53f7f0e91edf4c

SHA512
64a1ddf0d116cb02b00ac424eb5457cb7114f2441592d07f342ae1a2d97a4a5674b36239022590faabd8a0bb41611cc71c70e58a5a35d95d0340e37986e3d622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc898ffbe6a10bf77aef5975b53b2d1d

SHA1
c72a9b65b56a9f1e333bcd7753ca73998c7b5971

SHA256
78eb11c3b9c07a83ab3fe142231c2bfab1724fec1a96cf6f4dc552591a408d7d

SHA512
e0ad279ddbc1ff64844dc3b7b1789244950ad91594c672e10fe06e353d3c34d9219724acbd16eea07fb76711332af6919528bd67cb45ef1ded054e87cc0d12c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b0819904f31912e6a98258532cd776fd

SHA1
bc43eeb8435ae443a0abc5ec8649104b036eba9f

SHA256
97850a0e6724d37b6c1c77611d624cabae89749e5e6ccca0b043efdb5702ea67

SHA512
2087ea948cc8f4ee06ea3c254973cd9060f78c6ff991e4b66adf396af35fb518a652e5eff40a811d639b4b96416b6c45449444c4180faa57bdac7445a91f64b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
302a731f914e356520082701f148562d

SHA1
af66903b9b3aecc98312891cb4eec088bc7d1ba8

SHA256
f3eac7f1c4ba4b36aa415e71fb8b12a2549356814bf25444d8403e77b02f8880

SHA512
7ebf528eaf084c18f1b03872b2ec7887a422c638f0e1c136cd50313ffe70b6b978a1a67b9391bf976fc1b5db6eca5a241bde510815726fc240d0537fe4d533de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4457a6bee2cc211ea9c4a0a766bb0082

SHA1
d64a3af4e6ffd78a162d3da87d757ca659ea9d28

SHA256
2e01a0357015b9122e3d8c5eac88db3f265cbd1fb8108a2648a1cf020c6bd8fe

SHA512
ba44e24e5dad3adfc63cdf0d4c3381449608a1eb71292553f92617c6e6b84ccfa6c85c609380d3556d91c10898a27dc4e127a1384ff37e3e6221bcf045f56a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
693729bb7f5b4de4d7557c9fae13e932

SHA1
4fd9d4e2bec22f25013dd24a04cfef8fa60e0efb

SHA256
93d4398e0863b6a4668fac7149a5e2f4f4395f2e451603ca1dd2c95184a503ed

SHA512
da1076caf49cd3e2620c5486a184a8b463de0c55f7a131c62a136c5dcc4d757eb720efee784804b1b87772a25082835e5c4fe2cebba83eca13bf894ecb69ac97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7c4594789dced44723e7e94dd4cf3074

SHA1
216c66310981f836171d1d60215bbbd8f2178369

SHA256
53245bd9fe6af25e8a3a57254a938035699f6a0eedaeb1c81056dc9bb745932d

SHA512
5702b5b4a8dcb7235a31e8d40cf649b111f231aeb280cdb6b6369a22a240b501af623b76bfe5cc6dcebcea56930fd435cf5fdf27525230d8334cdbfe93fb77d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a7dd9325-f871-4d4c-8547-49366a12d2a0.tmp

Filesize
15KB

MD5
887519ed66bacc0721405f69a39935d2

SHA1
62a3e68e53b8145e1ff5b33f4d2ce38198242e04

SHA256
4bd0bb89258947cddf9c7b5f0e55014db58a4fdac9d6d0f3e21c8b880dfe6af6

SHA512
6257d59e9c0e5dfeaf3acc7fb680d7660d41544200e64cca3e8babcbf9e26f9d02f69b071217467db96c9f02f9ad3390f999a161daddbd3e315660b89f22edea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
f3d69e0576f296805671c379bdc18976

SHA1
bc162ac341bb7ec6705d5cd4c144d79b7edd8471

SHA256
34b8d821747b40eeae7052fd9e7098c109052696aa99cc18c9782716cf6fc7cf

SHA512
fbb0f1e33b56b935966a0c474511c892df39d205e20065f3d81f83703904390086d3070acb12c82677016c4b9251ba239cddb9b19aae743c49b801f3cfc81a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
d877370992b3d1146cbd2a11671e7cdf

SHA1
ec1dc1974dd8c351ddf88867c77626ca04129dbf

SHA256
5aef800a1d5a4127b69eeeb075cc36da560e669b05dcc276461622533ff4411a

SHA512
6fd2184dbd0183ac5242df1cf72623f89efe5248ed93071b37dd51aa7e8c41e12c297e8ada9c02c3dc56d81ca3c4d2936b59ce03fc78bf03d28900487586a1ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\490ba620-a342-4d49-bb02-e24571524ca6.tmp

Filesize
1KB

MD5
53188a50f77370da97ea7011563bef0c

SHA1
e3c610a27bf3f0022747038679d8cf02a086da33

SHA256
c1a9ecaf451c754582e22e14edadd0c5ac4a16a0d47626687df9ef40d900dbbb

SHA512
9586065be94e00701d0bce73361ced7f0f2e8887a17c955d05db654c3dbc56a4c7b75b4554e2cfaf09810623d1a912294ba0f44d88a4bcca594526803a351ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ce0431489f8995aed522240a487a304d

SHA1
78547d72c389d9aa1cca9438f38b4076463c9a2b

SHA256
eeb6f4d308663d9c61b36b13ad3f6b5f003e8036030ac9099ff2889f3fe1e99f

SHA512
7fefec9e68e9619c41904f431b0acec6970ab60b521a6a202670981d4d7ed205e1e51f801d42a54aa48820eca181b9d246d16345220f91818ef21c6da7fcc803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c568bcc8d4f7d83daa1e24920c0ab22c

SHA1
386f5e1e888988a1e88fe56d2d51c077d3a3f4bf

SHA256
39549b09a54e66e72bb6aa5ce0f1d85761e2f05612703c52930ae86f83dce0ae

SHA512
6de4229efef55a3897c594514f5a284e6f9ecf231eb9256a84b95a16f44c9e1c4dfd76fd4e427d53f03c294f48aedb7353c8106692104cd36e3728589d37d2a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d978e8de7515089ae4ef623b2f121358

SHA1
3961df8d2aa252ca5b5d2c0c2c3b1d2c8d964c9d

SHA256
f65366f9c3e49ce3fe7f2a5e729859f3c7e98f6e356aebb9c560d93890882e51

SHA512
da80d75e22fc79f40a3ea4b0169da7716a7b3fbc3e529c64143c5fe38ff84aab98e811f988541b3c35cd5ad25f2715eee96185a281c313f9abb6fffb3692d5a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1b2b170ee678c0241f6ba6cf2a28b6e7

SHA1
a8d8b6685f417e7ed1f01f7714ce281a328c60df

SHA256
d20011751d7104b16969923f0eb8d754f4b1715d048f6d4c021b0d65e92fefae

SHA512
072357b25361938c0999cc054ee9f3d3a6fcca3cbfda1b041df03838c805b2193d5ba56942eb82a2b07c9f407a70839a9aa3d47ecd5ce60a534684253123b8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc445a7620d8ebd61beadeecfbd831c4

SHA1
c573b453f1162c78348e3190194ea9a7f3e8237d

SHA256
4a2176e1674d09425647ac681b240b4d31e0c5953608a975e207ba31242d383b

SHA512
e60fccdb49ff30e0dd9111cbf5486eef632021bc9fc968c894aba1e2b8ad5f87dc76c88de007d81a0ff99ec39c066fc51ee4e82e9d353c67ab1c042246c20909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a4234f5e669c14d675377d0ee584411

SHA1
98338da6cb6594e65e9330d013c454292098660d

SHA256
309956e4bd5e4ba20e56056a1b2602794395ed94f8cc361486e2c1a996c5f54b

SHA512
6f3215f349ed723c932d9870cc20e8d24fb547d4c423b3a3f56226bfc7f7d868f6d2e77d2c0b4a3d8b7c475ec33fc00009d4330fc9431ead149f773f9d342e35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b56a56f45b0e9108ab51243d6db1ecf9

SHA1
d8b62bfc253877af45b172c9aaae2541218594f4

SHA256
da8d204d1a3fe20786c5a456c8cc4b6a272a414522a954f256570c5329597d16

SHA512
a983135c95adfc924178711702fcef8c84c47794387274bbd1d1e0905c9144e9896166d83aa01cca2dc24206a92e850a3b2e5f2d3aa159aaa8cf94801295854e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
326a6fb2532d56e38ad82dd8ea9c5aad

SHA1
2d22d83f7440ffd26aef492d5250f5bd43babf74

SHA256
5c5d7de23f25791dd085af9f02c428a2249f2bac608f3b2cd699afdada824f84

SHA512
f6bfecc428e17d6e112e3b50e613cdfe46fe5bf999e46972fa829ee2cb2a37ea247cc88510d0a31b581b6d50711c13a7774133355d5b4e86104263ca01d62ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14283ab3a8b0cfa3045f9e7afd4f086a

SHA1
cfcc8c45250bddab29687797790a4582a0ea1bf2

SHA256
65cb1ca7d639d461f17101e5dfb2d6ed5ad885a7300bd0f37d955d9ef5980e31

SHA512
0030a88683d42e32426c5771e59030cb1d519e02a67af4ac5a868291aaafee6e6b799d394d74b58f981b38fcef1dc951e31795c86eb3fb382dca865fec248a6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ada6549355ad961b38c3a0da666a921b

SHA1
a7f49e64c5619e2c803653228863269d3d39705d

SHA256
28382894e3351c1aecbd573c470f0c2b8fd74bb8f3d5283f470be6a635a5bdeb

SHA512
b60dca5b62c44fd4051e9738f37bed341b5fe7a3dda435f46e0e6e4ecf9366c337563f93e66bb1b87899290243383ca5019017cd7d54afe71d74417c0b35ad12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
748f3e8341cda11f5c19f44353fca25e

SHA1
ff54e5bf6d524138d5e4ae745bfcbac73b48864f

SHA256
926fd353758dd281be7b74d96d62d55a7f4bb90365fceb9d69902d818cc8aea2

SHA512
5cae16aa6404cdb86dd63b6f82eff683d96da1c0fc2dd8355f0fe488f37658e92c64b6c3cfb10f8cf5360f821ab032552f68aa05619d8a6a2c4bffd3e72c6737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c84cf166c6115e6be7c9eaea108ed863

SHA1
8d18086f3b196e9326d30900b4bf4fec3b61db36

SHA256
3e228de629a41b18cf4768a661cc49f857931a0fa364b207d424123919a0fc6e

SHA512
81fc7b255b5645764376881c07fd20ce2e83d5e1cbc363c369f0869bc8f8275ced05aa889679739ffcc17b4bda27a913ca40d537d90affa53750011c1f8c2347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f721.TMP

Filesize
539B

MD5
18836fac897bb4774469f41d61fcf947

SHA1
91e5f18b9b3d375ce6b9758bf7f79fda21354662

SHA256
90a8132ca490e903c4fbd1b70a815c01b75e6e4439cab6dcc2c00482ae135715

SHA512
85a65c306a152c056832779bb4aaf35a57580be505eeb005ad5aa1ccfad7706ebf43d29069210e3b617d331944fed3e72c3b23ed2bee34f5ee6fd6bbc22cd758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b2f5718bc97f265ff9fbe71735b8f3d9

SHA1
7b31eec28849bd0f6d16e4f21ac1e2f549f19aeb

SHA256
e0220eb07d424d7209cae61da7096f0055629eddbaca61b7b82267084d4dbca9

SHA512
bbe30dacc17875dbf01ce519f3b2d2908f2ab40dad0c68ce2696176162b90015328b69b587e96b3aaf40c3d5b54eece09b1a8f79dd00e3b32b4c2c0019ec5974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
54ac58bb35f6a13a95aac35f9b74e368

SHA1
9738524533ebf1293e2461adc5e956276ba0d1c5

SHA256
d9abfd25bd00ee2dd752adfc80741b1e6c896dcc53bda1e58f888ca0b5e3a714

SHA512
964963f09edd2fc06ac37d38ebe235718eb94e686fc13101ca6c430135c6ea2a8cf480184d4b5111416d53b44ddcb95a711879531bb6fc906bbb5c9704fa7227

Download Submit
C:\Users\Admin\AppData\Local\Temp\2a12747c-9afc-4658-bec9-e0f0dba8797d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2236_1401582238\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2236_1401582238\ee00955d-342e-459a-8c08-e5d81b17edd4.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit