hxxps://u[.]to/7M1UIQ

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-01-2025 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/7M1UIQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133815240897628189"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2860	msedge.exe
2860	msedge.exe
1852	identity_helper.exe
1852	identity_helper.exe
4136	chrome.exe
4136	chrome.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
2860	msedge.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
2860	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 1748	2860	msedge.exe	83
PID 2860 wrote to memory of 1748	2860	msedge.exe	83
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2108	2860	msedge.exe	84
PID 2860 wrote to memory of 2332	2860	msedge.exe	85
PID 2860 wrote to memory of 2332	2860	msedge.exe	85
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86
PID 2860 wrote to memory of 4968	2860	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/7M1UIQ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba1446f8,0x7ffeba144708,0x7ffeba144718
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8743833366874171048,13097743905831593236,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffea6b5cc40,0x7ffea6b5cc4c,0x7ffea6b5cc58
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2360 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3660,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5296,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4816,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5220 /prefetch:2
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5180,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4668,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5532,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5152,i,4922707194469387767,13056363595777761654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:5952

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2496

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5525d1f18a3feda7abdb0613cd3873cf

SHA1
4760e4fa7ffdcbf1f642584e9a4a187d0e24071d

SHA256
58a1e2e5b19e4314a75a20d92fd1ca5a9d4969a7fcc26664aa9d3309d125b2b8

SHA512
3ae6371e661278ce38ea7c2dcf4f16883bd07d82a72afbbd0b3d6be56d2c399e4102c407005cc14e266109df5cf66748625c310d964f637a4ca49b715ee5ea0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c6fdbf0cb12adb08a62e3fb4316815a5

SHA1
407a2feb1cf9ee921dacc5aba2ff716e2a38cfc8

SHA256
e202dd1d170be9805830b44b823b8e0263ade84985176ca46deffda9df5862e8

SHA512
450870245eb7d90d4d52363c2d86a3d4cb297ae1cdddcf1b9061d7ce58c403acb3c5d181e66f08b3a59cad0a3b0e17764c57853f1392e45c746a7a82101df763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
bb02262c8543fc994d4501a9fd246172

SHA1
6cb6ac61244fdea4530853f82fa7f85487ab72de

SHA256
b5eded7a15fc4faaf54f4717eca1347d55aebdd7e76d2bcdddd767e9a970a4a3

SHA512
bf5596212cf59fa2d95f7ae46bbe0324271c326ad7a8934053a1eddefdfcdcfb575956a43f2b99d518b80e7e053e46c91bf15cb6eebda1f41297b37e5fdb25ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7abd885eab49b721936bcb87799f5edd

SHA1
8e48339f59d687709de22796fa0122471bb3d0dc

SHA256
a0b84060f90cd83576f4429cded234abca138b776eb62810bd51a92c62ff2b97

SHA512
010cb66580825275cbd47025974ee2c67a6eaa869fdfc9dc1a9850ff1224096b0f3e44c6f4b517bc9f67180f8bed75621f0e9a7aae536264c0ddd0c6f820de19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7ee3f3d485a9b0a4529d9ce711ff7d35

SHA1
0b9450c78034a1bfce469930a8214e2df0bffd0f

SHA256
bb26f3844602daa7049bc5e1e6f1abd1e1c7e97a350aeefd33fadcb27aef39f4

SHA512
1ba7614c52d4951b0fe829a0752f95e9ffde55b1e310eecdf75e99efc1c089df33eb58a1a2359eaee5e2b55f0ab4cee9e3a70613a0878ea0c155b7642a20d61d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4fe7fc09c5410574e9cfcae7117fa512

SHA1
ed3250c728accc11b04ce02cf277f49e6ae91dd8

SHA256
1bbdc13b7c530fb96329c3fbb1948b678e9cd67dd0b2dc9183d209af8a8000d2

SHA512
1f58d012bef5440a704de42688daa883478472415a8c58a74807cf0a17c97cd72943556997331d380cc19d7dd82db9d851a0f5a0ff4baaf10188eb1f4b7d4152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c028dd2ea043c84ca7cf551e2bf8f721

SHA1
1c8eb8a0c54b3d958d017e1127b5e3b739244356

SHA256
d5ef391d5940340c3f98d1d46c25657743da1807b02f17cba076e8c4f8f9235e

SHA512
06ad41b0749bb385979cb3d63ff61d4c40d9c6a9ba3c1ecf89232a3a7756edd4fe8f213ca58a01d821d2da5070eee46d6aeb08f41b2babce180136e0f18aff75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ece9e394c59f4362762e0fbf13be60f5

SHA1
fbbcbc1bc3341aa5b073c13758a7c41a93124acc

SHA256
562d26d33f1800d2eb67ddca274685befa9934bea0579b5dc31abae1af56f1aa

SHA512
a6b372a24ebafac6c9c284730245c27b7303cbedca96d6fed3341b0b173dc0491bd4d69fa73b7d42b7640bccf02b31be0e70d2b150538e97cb68716809352810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0515c24fe120250cc8cda7b3dde90210

SHA1
d3f6d60a68b50933c436f2d882bc5aa418688a62

SHA256
2625a5feffb7e79c45509b8e32103c7074f529c24ae3216d99eff6ee65e17a3f

SHA512
7401f7fbc0a8249a4128c4b906206e029692e95b35e9a1051d6aae56c849d52829f303cd485073120d20e2841aa9c1f3efd200c8d56e2c3554973df114fabf21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc71f93e91850ac7728d439f823e94c0

SHA1
efeebcd86b029de8135346d61321a34e84c7a22d

SHA256
3638ab7b6390d75c84df3422300aece1899a986c974f50ae423292a87d782d3e

SHA512
627fb261221b82d8a2b518b09d976f4816814a525f62e6a2bd244196f9a1990056a474c1885e190d003bcb989dd8e27284ba07a1b65618b800bb178578243fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca6f006083c50ab65d4f10ac9c17cc33

SHA1
5f26ee3e5f6446607caa99279fa3f770cc335108

SHA256
633d157d35d7999c39bde78baeeec1c1635fb55c70479aa471bc0ce4481b87cc

SHA512
9abdc0f07941c122ae87a675980222d0b51e15cf167f2cc8fa4a5c829665934aa27bdc01f073ea7f198d7522fd753c54de0985dae29694228f31858ce2d873d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
621eff3961dc6f8d7c332013a63b19b6

SHA1
09e85d6a9249df3a0a027443ace89cab7a1b65f3

SHA256
b59d00b82e7aa683203402710e88da6fa792e84d207f0ed35e57ce6bd81c90bc

SHA512
616ab5d9a08fd4c38bfd3cebe8bd046952edf9afe7bf4acc8fb092f7f50ba818c22746c86bb8a2e702a8a81e6f6af067e07cd5882beb04ec79265cb4eef14af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04702a5e774836745e8f686f0de9b626

SHA1
8ff07cd2ee3b99ed91662054acbc6023a2bae88e

SHA256
eaca4e6e973fb2acfce929532de8b8fee69d594d2e0f173f680ec99cddd6c052

SHA512
d8d19af7d45df8b9dbf854c59b07a45399bb65c403bf77fe81e7a0011e42b5b43998cd824402aac61661f9eb7e37d63c80aed79755fcb55eef5404a45e050105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a0dfb29e5028f9183013abf2e5b2614c

SHA1
1d11f5cc3d4ea7190a4722e587be0d27b62888eb

SHA256
e391afd7508e5c49f4f5948a5d05ab8c2b0116f6c3769e8157c73af4006f12fd

SHA512
ccce0c55dabc4715de617da53abd8e0023de302ca15be57fb2da619a86d8452ef6d29e54179728ae39250ae5c4ab5ad538b00e7c672d5f91cacb131d60c77d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
684e507383325f1110c0427c3facd44a

SHA1
435919cd5ddbe085d5bde88366d38dfc756c8683

SHA256
e81609648f145954b25197929b22deb6cce6e4a9ace11fe49e8be9df63ca4ce0

SHA512
75e493a3913f55dba56ff9461abfeaed792733945ffbef3410e9af9005031eaa18bf4aff31d0eb571af44c8e5c8ffa545cf38e95fb612c5b185168b4f80a7de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
6f88e867bb5575f5288cebbe8891866b

SHA1
8d17d7d7a73c1a346c57ad9f88c05556d9c995d8

SHA256
9af176753106573fc472ef264bdb45c4e086d42ef895567e0a4ba9efca9f6517

SHA512
c4c6e21e55f00ac16ea746c1700e6cc651449a3dd744d84441278d8d4386f3baaf07d1fb128a94fd85821c778306af84ea11cbbaa60151574f0a6864582c5c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
a513236a63ef9dc5017c067d1a159079

SHA1
8cc5345da4e007f5a3a5f1d7995c6b9749aee182

SHA256
04b6a22482f9ab9c55c6e263017d68a53afcbcf48b6c659a20a13902e60f5a2f

SHA512
4d3bb9c107ff07d0c5f11eecac6f656f50c6b558afe49790e0050d75649a740f8468af99baf73d985739c4f23a5e76606a32c2e122991f0ca3a9cddb37f1c598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b1dcbc5277b3a3f214d44442992e2926

SHA1
e005c6ac727a8cce487ffbffaaee874052ceadbe

SHA256
06021b045239b5e4ade1f089c5e898b7c3e1b5703ce7d43abeb550f5c83269f4

SHA512
dc078ca222e1ed572551d4eb216387d4fb06754e7d771d414092872758ccc17c18446c2370dec6fb10a04b4767c5275af71a109ad9859e98fa549af684150959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
402B

MD5
54c1d311012f48e50ac72e9b0d6b8e71

SHA1
2a7569f5395a1efd20d031ed5e65c424b2e89861

SHA256
a69b42b2df74adb169138aab69eca376a5148930e440e90d8a57404069b6f38a

SHA512
9d1fa30376fa78197ae987410687c80463b5dbf518b7b789de8ec6809f58d3800033cd5c55a9573fcd842d656e7ead6ffb0f63841374e058558ae3ddc7f762f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
841e30bdc3efd9f8f9ed6e9230800f15

SHA1
7141843027ae87b2a3dbe266686b3c85fa42e771

SHA256
fce4e287917519e9e04c71098bce35cbca6932131813354c83b542c37f8a5b46

SHA512
20bd85a77166a66af764ef40aa79fd19f782308152d0747476344c319b1270eb87582838c8be451b5080ce39c2c0da78726c38b9f05823aeba85646ec3b4bbb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32cf1b81de1c7d270f0d818345448200

SHA1
b5451176ba6acac992b2075e28ecd2b998670a06

SHA256
8c961bb6fa22c6fea4b0ee876f08871a581352b542eb022b99b71a6c642340d4

SHA512
d77ac814f1fa4efe19653f634f5e76c777b2c04a2761e45fb16cffd2e34ba90de875972062344c07029a9dfaa52dc43a1288f3ba9feb111d7b1586e67ce67173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dc6f881c-a202-452b-be1b-9c5194c03fa7.tmp

Filesize
5KB

MD5
75c9d9aa0e175aeaf3bd58974aeec83d

SHA1
5c660e970b8411e0e4e6899538903346cee9d5f5

SHA256
876da14d6ab3f4e6012fc3e8db46960154a0239316b0e349ce406ee8ac48c085

SHA512
bb4aac6c17f24e177ca8a9497c310cadce3483aa7f7af3a595af4f479a32af6e6cc2cfdea3579c986d92274724818dfd717a20cbcdce34c2a4a129d7f497f512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9f37b945ca070d4cc5a560386452792b

SHA1
10b3f6ed6afe32a82380987d0392c7effa2bd9b0

SHA256
66cf5e7c525a86fab53ff5782752ef213314e63e03a3f065a2ff04c87e391203

SHA512
9dbac6c1510cf69b074eff1107da7bf6769cd318b9786826982497e20697d82b76578f2b0f1cebfcf22bac25a152cb79d23174ba87972d93f7dbddaf918582d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d0c0f4f5416df379411e50764cc5894e

SHA1
ff1cdb946b6bd1b2064510d9113050da3c5f92c1

SHA256
243a11531bb93e77b3dbd3d28c02f2903d75880c22da896a756ae6463ed73cd7

SHA512
29752775a4b303fb5a4f3ba750c35f28bdd310f59390bb764694cc6492809623f1ef1de2796fbad1468315db7a624ea54d5fca5718263b33b3d2c7275f785556

Download Submit
C:\Users\Admin\AppData\Local\Temp\de93b95f-7f43-47d3-9373-960f4ee94a97.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4136_914796877\1d5897a0-11d0-4bca-9470-3e3985f2efb8.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4136_914796877\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit