hxxps://matheuslumber[.]gr-site[.]com/

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/01/2025, 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://matheuslumber.gr-site.com/

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133814433695695284"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
4760	msedge.exe
4760	msedge.exe
1976	identity_helper.exe
1976	identity_helper.exe
2324	chrome.exe
2324	chrome.exe
5580	msedge.exe
5580	msedge.exe
5580	msedge.exe
5580	msedge.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 812	4760	msedge.exe	83
PID 4760 wrote to memory of 812	4760	msedge.exe	83
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 744	4760	msedge.exe	84
PID 4760 wrote to memory of 1156	4760	msedge.exe	85
PID 4760 wrote to memory of 1156	4760	msedge.exe	85
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86
PID 4760 wrote to memory of 5084	4760	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://matheuslumber.gr-site.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe814946f8,0x7ffe81494708,0x7ffe81494718
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6378468959605019920,12097793544517462301,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe6f00cc40,0x7ffe6f00cc4c,0x7ffe6f00cc58
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2148,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3264,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4520,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3708,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3280,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3344 /prefetch:8
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3312,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3360 /prefetch:8
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4484,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3348,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4480,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5312,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:2
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3324,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4912,i,1321209699556420498,4926289152192205565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
878caad91d81cdb9f3baded2d9de7abd

SHA1
b3cafdd5c315c4e43937db60ed995788b82f0b8b

SHA256
0baf445ff36128da606babd36a440c8a6311aa925f13884be4745f5b3992a773

SHA512
8500a8d36a6a17f13869bc391a5d6b8e582fcf2cb5695b7a059178d66eb5c92990fb884a42db2f789d59d20e12bb342ee72691dd1aae436403abb7e0e5fc330c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2e1b572616e7e4c8316b536487f7c8be

SHA1
39945fb781879b9de8ad8b62f78bf804028aff47

SHA256
ba2a9133250dc36f5e396be42d52a1d83bf285728cc844366fc6450fe286ed04

SHA512
3b22d6284cd89e095c86444638c9da4d949386d33b7d12a79902834add62dc81b7515792c472575340e4b15731ff3323367a19cc81109da0969d98cbebbbfa7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
25c132f5305dfc830c484be261de1c54

SHA1
59cc6265c3777ee72bbc68dbc4f5e74773c0aff5

SHA256
bb54293d1be1659ba6a385862c64e380726820713e137c9c2294530cec6e324d

SHA512
e72ca05caa6852ccac47586fad531db72f44d5252d13b690dfa418e8a68e0b3b0c57740f770825dbb0bf0259320e0ff3353ff79d7fda6b0da858f65fd7fb46d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7284b7eafec91ce471cab582ab5b1209

SHA1
77b92e83ac1b709f6ca0f4a2b04949c9ee74f96c

SHA256
993f5c75462bf6734841477e670d0657d950a187a2e38f6369382fb6a6bbebc6

SHA512
6f1136aeb2df56891cfb167bc881fc8642741a174fde4342385d140ceed097efc3490708cf438a417d811c3700ccdd5188e832b89615e67e82a2be9cdf86b474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
deaa099dbbaa89cc8a93b32e74372e04

SHA1
51a62ea1002fb338c78428d0a216c827d9e6342e

SHA256
325f054b91c1e3c6efc8bbf5d4c81c12cf447f2b381c77be3c6b51b248782e19

SHA512
83c2f0046ed17048191b9b910f798238d2bbd6bd0313f8a537802a6bb2eb31b5797ef371e674ae2842058d6c31af04afc6a03b5100ead4c88b162970d26aaf14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77ba910942e015b5e686d21907c28b37

SHA1
c0e3845dc34906a3987b98a9caeb3e0e31027a91

SHA256
11cedfd27b965c0a739ebce0a815ee3539a0bfc33232ff70199007b789f17ef8

SHA512
9aec3d9607410fe8a4320c66bc49d087a8f51a7745eb1bc29edb781fc817a9e476d27056d6ede3326401a308fac89641881429ddc8d18f53d787ce99b9dc3818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be7a05ec5bcebbd8dd37bdce02b98b78

SHA1
6506497734be1e4b140b5ceaa34d167fb4754868

SHA256
6077d6f03ede9d0097b2a353a0c712901f1b718f2e8e910cfa28c4112182caac

SHA512
4f5bd026f15a14b706e4cccdde70effba9f3a2a167a6463f3389227125b45c5ad062d5790748d484b3d635bb6af1e8acd59556979d1ec27446bc9eae4ff5e7ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0339ada0f107459de4710bf5aa40a0df

SHA1
065791b10157e346a39856b3d2d6c8f065cd3aa6

SHA256
ae5112820d5ab4eb7be1bb2819bb275c37113d62f775ea1e1b417d9f25bbbea9

SHA512
c2cc0d64748b0c13876d3b434f9e119cd15bdf4ca3006c951127498468694a6550668d22bb81722bfa4ba1c31b2ad55b01c61e3281acf47a9e7bb3c79c733e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b198249171b317acebe2a1cb30aa568d

SHA1
a6682e78b27e609e65676f2ca8d110749edc39c0

SHA256
5b568fc628998319baf7ac393c32e97b03ea35d1c23bcb8d44a0fe6954bf59bd

SHA512
2f31e793678733ea616cfa6f3769583f6418d64a3032f3f8df673804ffdfbfe826cb36e36436cd1c902710862ed5938e2310d2381b82cb9828e69e899c80469c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c211fe367cc8dc02c225271cb8d6f9c

SHA1
0db2e38afc05b9d0185cf3883fbfcc2e2d7d8bb2

SHA256
a740d441d2df6c1abba091fa8b81e4a600cf7359545403a711cdfa49408dcf2b

SHA512
e2a3ce74b94ed97b29697ccd4fbbe55f4dd86e0f70580c2cc2f83f418da27ab650a90a9df18eec70a7d60fd509412d27a0e0c216eca0b921f59ff31d4308c075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10dd397942180fb6e2ee37e355d7e38e

SHA1
d1092ad74f2741825564e3a8b8fac600e5e74a52

SHA256
f661d1bfc8b5c96ba737bd6e294530b5c1ed4ab4d318220f3c885555236be50d

SHA512
75bb4215c752b8c3de59d7ed80ce0eaf7829d9546dc98ce9d0f33af77961b1c90ed49935b11d2d753f496b289ca2a7686fc7638d09596d14bdb9e3f9aa8c4aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ccc103f789437f7fc232f107d5ff1018

SHA1
0c59c1e84829e6f4e6d413bd7a303eca4acaed52

SHA256
4feeffeaa971984c85194f530360615dc57df160b63b0641db50e41200747b4a

SHA512
b1717c4bbe6fd9cb4fa14ca07d9f467bab5a04a3252d97cc8c93ea400b406b9061d9fc77433c3973ebc26380e380f4e0de001a6cbdf1b540797ff7bf8caa2069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d5327c3f6f611640c9b7d9b33b7eb22

SHA1
4a877635b4a16d77e165a8ef97184043d9273af9

SHA256
f6ce5e7217c99daef8725e8d677906aa1e5af20de75c2128c223b5426d97628c

SHA512
9f3e1c57a1cafc74921c6e13e3047850caac1584eb4018075d48f43e87f151379e834bb0399af7c78274255e289a52bdcf48d1e107005287284b77ea95d1ffef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5200d06b14d2e53f271f1790e639f1bd

SHA1
c22c6068f67c21366630892f8cc00fea8b304fb4

SHA256
6c51c2104ba5a79089d97324ac48291901f79f92192510bfa5f13e58ca971f5a

SHA512
1df9023c9e6537d0bfd7535881e6ad835e54514cd4db4ddaae0b1604163f700e15b163377fa72304b935126a7d6bf5210ee7ef6f217c3b460939cae70483ab53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d02b7101a160a280a900ebce1bba7ee3

SHA1
156c3d2f463b940f078185e1cba9024046a87d4f

SHA256
511d09a85dfce0cd67dfe43fce3fb893eb27e6aab7b06bb1db1887e4ec2ad4db

SHA512
a6cd1f231cc230b092b0c2138e90d1228bbfcdff87cd1507e6bb13dad668d67e9edebe79f8f44b1368626bf0aedda7e7c7401d8787ed5c08228655e75e3334b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
ca40f9e9f8ce905c34117bd66fb5271b

SHA1
1e245e0e2ac9e49be77427f82f5f8835a747317d

SHA256
87e3de4d13f2cd162f3479f10e41c11f5d01ff82928ea1542091f685f0bd0941

SHA512
b8967a4619c778c03c80c2e7d90025bb6cc4d016564aa07aed6cc68079fce4e8180512deaf744b1a149250f4e42761e3011f17cc8a46b4049fc48bbe74e3726e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
6bf9150249253c45a44166b47005aeba

SHA1
c2e8d4b97d2dc6e61f90b1f632f5d867e0734a72

SHA256
1c8dd7efbd7986dec8c926d8629d14e4bd1da7b750b7d04b7978b306717fda39

SHA512
311e222e3d88bbc063845081c77ac02179db080e32b08956f66281e34681574c20fddb53074143ffc2864f59371ab4b0fe58c7fb8a49f91160e66a8780601b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
55KB

MD5
8626fb05b186ce766ef4e822c61b0404

SHA1
1c9a264e6effb06a4433b09d261bdd811d3a57aa

SHA256
88cd6031219cbbfce9743f4a7a6ea3507dac7c1533aab6821117263488746757

SHA512
594b62e8286257b76e78c14b98451d38f131745439588044b387e53915c86639a3165ed994132cc8808b810085e4cc4274cdf5f2a1d4528ea2d4c43cdabbb8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
204KB

MD5
13e82ee439d9fba040c5c10fe36831cb

SHA1
4264cc8a3f37fc1c842974bffc33099a5106ea19

SHA256
2ccb322244bc2596dd2862f757adda1e3b622ef63348ce43329b6f3b6fd8984c

SHA512
222fa23fa7e3f3aaab03cf80df234d238cf32d71e813abee1fd7edf81d803da778ed5ac83c1f4b1c95b9ed00f3a12b83f2378ca4adf2baa13f2b6662a5067a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
179KB

MD5
f74fa83f7d7b585617833ec8d4d687bf

SHA1
97d43f520ebc33c0e59b9e241c9e21a6e579b087

SHA256
6655a589787d53ecf84cbdf75da3e8d27af0cc6ecc0dab9c32b1b575f8660bed

SHA512
a3c7bdeb55ad23b16e81ab26a441b5ba240196589734fea067ec238b72d00abe16f170bc34b6702ccbdadd107fd24b1617deda944734cac6ed51e37217884815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
18KB

MD5
caeea3ed239ba508b45fe95d8fcb3cd8

SHA1
f53bd24328400353f9535aedb868c5f5737f85db

SHA256
36818946a04c0f954ddc96c4e758d64872dae1d5358583d50a2318b5580da4a3

SHA512
6a612ca0857ff6d08713f26c89880a4f7e13297c8ace887a2e57b10b914fe8e97c52afc5c3d4fb1d6957729c7288d66f1eee8c1b02783a4ddc96a02a03ed61d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
e22c48e6a25932bcc8a80e97fed0ba09

SHA1
4b4f5392d8dbb5876b789b302fa3a7c5cae4c9c4

SHA256
d0440069e19a64d8f1f547524683284a2688c4da45ad8d811d2059a6e050a7f4

SHA512
2fc6eda08071ed118990c4fbefc467d13944523410178cdf59ffcb14218d103a9624d274dcba4d43e7c4b37d343cbfdc249cab4fb5addc63ffd310c2a72e2f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
485B

MD5
f30f037f08cda1b0f442637a881b7402

SHA1
fdf9cf6699dcb8df4cd8bb8268969b2062a2efe8

SHA256
82b55cec88f6c720e3fb5a754965296ec27218c2a1780bee3e8b6836681a5e2c

SHA512
7ff972170fe7f0648a21e7c1b9a091991d7b6302e92f0be0a0b1c305a71d8d6db0bba87f97144c6dc38a8551ad954e8a82210e13679b956279a9e2c91fb8aca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b424aad7d7d7a85ded91f58b767cbdd

SHA1
89b2739a944738d69d243d8af883869dda744c86

SHA256
7c2050ae9c80965a39b7b512ae1259ede18e8b0cb199f397f8f219cc2437fbfc

SHA512
d19ad978b4932915ec340d979e620d4de03d5798240f8601f76e8b9da9215d5f5a222ad122c1bedb910fd3bcbe57b272fce11101c854a0091d147a7d7979170d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48588e22838f894008092abd75f2e0c5

SHA1
b6caf5a4cdb372170f90bc6b8dba44972e229424

SHA256
bc3751868be2f36abb89e3567d0aad63016d1280536a7244ed9eeb8ae802c056

SHA512
a30956b7e936761559c63849e64484038460519185f72561a3f2418620d67f3062084f8645391e5d09204c5d3ee8071e4dc3b283bca62b5ca1808ee8248eaf53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8a065b4f08b8e748423889d1dfd073e

SHA1
103708c602fba2f49ef1b80aba2be6f3f4e3cba9

SHA256
ff3f58980083026757f365ffd67d2be1ef344660da5912088e9b805105a42469

SHA512
6b3d921fe041ed8b63cb2496b273a039c52367b9a6da1a115f658a86251e1eef4406e818902e8237138aa4e37d576c869b3679c1a4dc46480325cd9ddc2be58a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd4dfbb8fd45f0569b7c4add741b6812

SHA1
4314e5f5d24e0558dbcf46ace8e0df45fb2bfdf6

SHA256
812273d14bb83f282cd566827e22aaf35a0e0313a0ebf3d7b6d72f3b564e996a

SHA512
e14339be8142dd4e1a3015a6a657eeb93c40562d55d8b8a2bbeca9de4e75cf148d1bb9f9c0808644e7a7882a8b846013aa332d9a74474ff58f537b75e8699c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cc303cfee289c04b1729519d9aac1c72

SHA1
00af68c10be0f56d6fdf8d7026e4c78085c919d3

SHA256
e54bb0bfe2071832deaa6dafabab02d8bf6e9596e7a9647714bfa9964491160a

SHA512
79b96f1d4c01fc333962b9f47e5015a1943264376ec726da45ae8021f3e849e9a9f37eeaceca31013571f7566b9833d0d4ba8d36f77ea0e8868ff91a2ad82b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
53ba66c3de009b672332d275b26b430f

SHA1
df5a76567be658829fb1a1710e3f8a47e0f4ce06

SHA256
da9e3ab507f8d44061dcf111972cc51291d8c57cab5afc27a5c6668e995f64ac

SHA512
309cd90be1e7b3586d64f35c0ac86da685b9d39a1da09e7f9cf84852580c1d82ec7c7703f73eb96cf4272f54fb519dac42408675c16f67f2ff8b1f2d65c5f681

Download Submit
C:\Users\Admin\AppData\Local\Temp\68a1bd9a-1c15-4433-ad8e-50e73fb16802.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2324_2036176525\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2324_2036176525\c8d2862e-d2fe-452b-b34c-59d566887f15.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit