hxxp://https[:]\/\/a[.]nel[.]cloudflare[.]com\/report\/v4?s=tCUtXKAlv55lDKfnTTBYw2g%2FPDSQD2NQlPC0KqkRY50JLZnV9OeT8%2FdJV2ENTltmqYfla9iUUSa1ZHbCvnOsR2gminWIaTp3Cj4xT3Bo70%2FEZU8tsuQ%2FPFGgq%2FeDZYsQT%2BRZW4U%3D

Analysis

max time kernel
167s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2025 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://https:\/\/a.nel.cloudflare.com\/report\/v4?s=tCUtXKAlv55lDKfnTTBYw2g%2FPDSQD2NQlPC0KqkRY50JLZnV9OeT8%2FdJV2ENTltmqYfla9iUUSa1ZHbCvnOsR2gminWIaTp3Cj4xT3Bo70%2FEZU8tsuQ%2FPFGgq%2FeDZYsQT%2BRZW4U%3D

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133820315756449518"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2045521122-590294423-3465680274-1000\{DF024AB7-2E94-4FF0-AB85-6C4B59366699}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2812	msedge.exe
2812	msedge.exe
3780	msedge.exe
3780	msedge.exe
636	identity_helper.exe
636	identity_helper.exe
1468	msedge.exe
1468	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
2300	chrome.exe
2300	chrome.exe
5048	chrome.exe
5048	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
3780	msedge.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 4684	3780	msedge.exe	85
PID 3780 wrote to memory of 4684	3780	msedge.exe	85
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 4588	3780	msedge.exe	87
PID 3780 wrote to memory of 2812	3780	msedge.exe	88
PID 3780 wrote to memory of 2812	3780	msedge.exe	88
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89
PID 3780 wrote to memory of 436	3780	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://https:\/\/a.nel.cloudflare.com\/report\/v4?s=tCUtXKAlv55lDKfnTTBYw2g%2FPDSQD2NQlPC0KqkRY50JLZnV9OeT8%2FdJV2ENTltmqYfla9iUUSa1ZHbCvnOsR2gminWIaTp3Cj4xT3Bo70%2FEZU8tsuQ%2FPFGgq%2FeDZYsQT%2BRZW4U%3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa989a46f8,0x7ffa989a4708,0x7ffa989a4718
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1744 /prefetch:8
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1852 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6524 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,15516360811822541115,16200975086996829217,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6464 /prefetch:8
  2⤵
  PID:2604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa8837cc40,0x7ffa8837cc4c,0x7ffa8837cc58
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,3765152102543092185,15213538459454345110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,3765152102543092185,15213538459454345110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,3765152102543092185,15213538459454345110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,3765152102543092185,15213538459454345110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,3765152102543092185,15213538459454345110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4636,i,3765152102543092185,15213538459454345110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3308,i,3765152102543092185,15213538459454345110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:5052

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa8837cc40,0x7ffa8837cc4c,0x7ffa8837cc58
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2336,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3684,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4764,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4836,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4008 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3392,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3380 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3300,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3292,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3388,i,11729847634238610628,18149577875158882086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:2
  2⤵
  PID:1124

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1fd21a5228803360e7498b21377bd349

SHA1
c028d9a423b995bb2f9d9b56ef09e5a4f9535b38

SHA256
920270c469d0fdd572881597d30bae6f24faec32c8a1e7e689186947ac7958d3

SHA512
c2324e1b0a32c3d4abdac5ee1c2e663d1e49c24c17f0b5a5dac56cc867f67d2665f29148de2773f2e048292b189d136876b557ae9837517f612155633cbb09b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7bb00ec9-c833-4f1b-9345-d9e75ff59c66.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3f0ede892fb349218fa75b61667b0af1

SHA1
198b89ed2b6d5398adb0c7ff3fee2cab7508f1a0

SHA256
13fc7a2570afb161bbcf9cad94a3c94fd06717fe4f17c84cd38361cf301345de

SHA512
ff617dee8d2eda003b4427c7a4b0a326f176c7d93d65a9e481710c077869ff20b1520b27ef99a611c5882493948532bb8b46b2c2457fe75e1a33f4e9e8f44f0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8361cf8c93933c92bc7c8ceef599c8da

SHA1
c30fa157b21424ee1dd5b519637074e3d1011bfe

SHA256
455a715842915ed61ef06f50cafd477d59ba574f0f9cf1441920eb630f748fed

SHA512
440b6cd4a34be75e214c6ade84a2e3c90d779ebcecc0f12cd1e8d7e8af2baf581461e22b40fa7a053a8eca418c21df979de7181526c2b27cf09ea62d57af5775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
5a2f21c5594fbdcbc4cec7f51756db33

SHA1
e9db1c3995d2e3e1126fee7f577dcfd47e83926e

SHA256
c58f1b9e9f139533cae01cb4971853547ba0c689601419ddef3606e1feb4b65d

SHA512
df53c26d8a9e18b12e908977e8cc2db33d4c47f48612f82a2b13ceb7267f25fa1c5449aad92957baaf9d08c00347500111352ba070f983d9997f5a993481413c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
3e2f47470987a8fcc7fb3175871b5921

SHA1
f74795bfbb6a556951273e42bf22a07d9d199de4

SHA256
9da54c464630c7236424b96a514d9926b9b0d045d5f6a6fb91cee772b7167613

SHA512
5988319f2837967d65beb81ec5e214500bcb9d1144910c9fce14ae429782921b2631380e6ff9363bba0bff243aefc623227adf88151e7e5a51498d40618aa315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
4555992546fe8d359b786b2a8f6363ca

SHA1
64924917f07661a33661fb84d862165d8a07a096

SHA256
11eb3f563863c1426b007cb7cbdacb8c3ae73062827339693a78d31c9687871e

SHA512
2b4420720f4ca66a436c83f9346ef04284f38b5814f1aa0e1fe9112fe2734dbd72e4b6961947b70ebad907e824ccb7cd39e8f6cde15c7d94108883f3188efa42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
a9dc5fb603cc36a2883de27aad83ed02

SHA1
d65f88e930d400b97c7e1dfcef9ecfac7c7d3801

SHA256
3e2e22953af1d79b581171e65c33fe243074a32f07d19db62ae4f465020017be

SHA512
5208243fe78c31456566b8ec01b2ef531f543f0a49858156d794bde9250631f4d31a26965141fb0b9406eb732aec1e649123a5fcb02773825332300e098e5637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
b60f22332a556a7eec63363d312ee8d8

SHA1
77edddbb18bea962d735d00ff5ac53855cc5e3eb

SHA256
c391a4946b2ff18265f5dfa74825f13a64a8f6721a9538332eb921691e0e1d70

SHA512
4eae1a5dfbd4a9053416d0c287093b4a86e01fafd855a68d9b43ee416ffad8b53c807372dcb71260cf467cfe54d87baaef4bd681e72f814a79dbc2222574fe1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
2cbbe086082e0c233d092b8336af930a

SHA1
dbb815189d614ce5bcf05a693c93ba4b5f8f39e2

SHA256
90e0a6cf145434be462c5ef1d3f163e45250680f7ff1cf826b20fcd328e0973f

SHA512
847b87766a24d18901878a6b92cbb07f9cc5a338ac9867de941bcc5b40618c2e10dc25eba259110297f66a0ac4a1be94fd67de0bd9fbd4bad58dd205be97b35a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
798dfc5633b690c2cfcba1676bfafd07

SHA1
86a55cb1667ad35a7376366078122fcaa5f6c6c5

SHA256
8865288ee9abbf1003a32566e86d70bfda4b62e25e6bee43830f2b6a90bef159

SHA512
b3f5b8f7b998c344ff2f8baf6b0ffea6f885983f8967d39ed97e4899432c66cefbae58e0bbe468ac01e37be176438f048998dbf72fa187798dca506806b898f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1e3d8517de921470d336f4ee0bd7e714

SHA1
e4f3dcd05570aa46735afe2e1a804301aaa0835e

SHA256
4e7c326803bdcdce32dd3b4bd268fd234bd5e574d9b676dd522db11b85a0b972

SHA512
dd055e485a3e4206426b4c04423aab98d1894fa2bb80cf9f6c4ecf4c66f1d04908679676e64a19633117c68f618d467a90ca68d8fd2883669717e3566f208e54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d0076bbf7dc318d23df454d36f0e3649

SHA1
b991dcb9fda45ac2efb4bfa356a3b1c0c4379138

SHA256
d46a7fa25f287280752313b4841a8f7ab19bf21fbff7634c5993e40b7031fe29

SHA512
0aead09207b7115247455b103dd7621bf7ca7e40018ce9c09ae269ab2217597b219846014c4182e33b4cb301a4e2120f8221750e4357690095de2849be9e463d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e0716f045af00c411746f44a621beea

SHA1
9fb2d61c51dab3c6288afe922fba1a48ef657919

SHA256
7c9dd29be34b16faa6190eddc3a1e9358657d3ba19c60abebab20be0c32a69fc

SHA512
8f06a7925bd94bbc5b220c22c742141ea466b1e5c35f701336c27d769c968e58953fca6a557aae8840ce4c70e00bfdc694283d9bd27f7f73f59b100a015ebb01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
71f5fc28a6465804bfd296a7fd73d592

SHA1
7c1c85cc1507602ce662e6d476aa477a97110429

SHA256
af383b22e4dbe5f50d341382831efb1dd00ba1870002cf4c78ba46fbf4b6af37

SHA512
fe06fbe2a792d14697622930d8535fb92a7cffa965a98c5daf2a9e22eab16ac5ce61701f44956bdcc8bb5167444cf14b0011121e4aaae446944b664c86a32515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
91222703ee4c9f7526289a75645724d7

SHA1
7bfa6015b8b050ceaa11ed6da7e2ceae3c56f55a

SHA256
b1d6fa67d08064ef5222723834aebf5e70fefe2737de7b4bf2ff39a0aa7bc271

SHA512
22b923666d7b844fa0a0ed0167a7d3720c2a25db1b0698874cd00cb9620f90a1201f4335e03e9c3501d310c6b8aba4d8b158c540a088ebd6978e145c0c233455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
7ffc5da9ac984fbb8626377edb465d24

SHA1
7f7630d1149425a0a6ae7ad5dfc2039a00ba8371

SHA256
05cd195780cc693728c964cb6589c293f73f721a98be76d0ded4161ed65b7a18

SHA512
6f7fb14da8f7d1f81d046a31ebeb6d743b8eeca6bf93d9e0fc90c3e3bd4ac2d10da1ed4d548227e3525d891f102be6987e410985f5740e1452ab565e894d9a1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
11bf4f0d1563eb97883704dd873403f6

SHA1
fffdb0e526c203f2cef12d15e0eb569da76d95ef

SHA256
12d74fe2dc9644cde29ce93b17d1cc64172e3a6d47a228d8e0c39865bdee31b1

SHA512
31ab2b703a4f7f1028c9e3d3be1624a44aa0418eb88b5f7b8511403f4c3bc555d06aefc3f304f66e3236c75f6cb7d37bdaf74e7ed372da29756ad6c55a144f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
5f2e2cb2db0fe7286288ce2709398fd8

SHA1
c96fc7ba33bc8fdcdfb40f927578a21425b690b1

SHA256
8fe2395f96589167cba48fe07ccd5916abb81be9387fa40eaa0e30f6b106d30d

SHA512
695c5462c6906bf0ff0913e1da903b88b42a3e7662f6c65bc743c1b5d4bf73a74bfcc015d3140590f07f3c28200b707b4668efb5a208bf717229d500577a3478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
1b3cd63cc46feeab05dadf1ba6a995eb

SHA1
4b49b60f134caa05fd80586a4a399e4ad51e7ef8

SHA256
1e463174065fe145f9b61ee0a0a9ee06e735df150c71bd049e4a9684700f50bf

SHA512
c914fba8b0f43d94817e3226d0dc9ba482e2f7ab11d703227f589ce79110e407154978c0f8ebf3122242f6a9518464a457ea5faf012fcd506d9948be5bd094ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
2c7cda6cdf4303d1472d9f52796db098

SHA1
f064527e32f1ece9da09e8026f489b2011234110

SHA256
d841e923bbc2be4cf46433b16aac855d70886844aa15e5f92750c5bbdf89ed54

SHA512
cf4833f2003b49948a2618adab91342779ae599f31254b9de6eeaa2274ebe94f665f9bddb70c6ec773305c180eff65710490e6528a6f5828d168b25e19e1f13b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
28c0ca7e07552034d539bb52fd1b643d

SHA1
e868fa3870332727e352710e9eda9c0ef423ed9b

SHA256
2144d5f4949ebe135e232255c51cb597e9870d936ec6d19c6334cd773006f464

SHA512
79b45ec6dc4e3794b2535de4e5cfaf19d51782f9fb106c4985458c6ea04bd14d68ea0028cc746a3d73e8c385a774af98a5caa9aa604fdb11ad9c57a0f31e4531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
400618f920a0a5289e35e5bf8c26c026

SHA1
bdd49a92b2f318f7e39d8a3da672b242a7cb831f

SHA256
29692af0c6dd865056b004a4b2381ac1689596fec4e8f8edb8478b43be1c5631

SHA512
80294d810b3eb8c06cf5154bd2152ad6588dd7b7dc3e879043cc601c43d727961500419212efb1012101cb98ab7cc5855e5d2a589115aa167a2abe918f219612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
aa0139c1550db71d7d0d1d7102d8a9b6

SHA1
1912751c881e405ae27131eeb28df3a272304889

SHA256
af4f56bb654d9eeed8aad492aaba45486db32249b03877819f3433c08d846fcc

SHA512
a0c905054bdb6d2e6a621fb876e1d9e60f05db41ec8ddfd621e8f35cd2c54b76a7c0c2e5d93840bc2f5a9b90279e9490920f6994c6c3f3f9973183dbac871f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
816e640236f1d8af1af81236910313fc

SHA1
10857780a121fbf76f2907c0c9f5a7dc6e0b622b

SHA256
76ad352c9bc6bf9a2b4e31f5211221b0681eb51a3e26e6dbb739c7c376a4de51

SHA512
7d12ceb2e5aed6a20cdc698333c21d3b14da4169bb1f6c2a6a42a333a88ba936c360c3264a380124eb58157d89fc6cf0a5ca3dccfedb9d1d047e8b4fa6f6f648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
402B

MD5
5c53c90de36368c9aa2679f66efe7e7b

SHA1
2db4ece04cbca8b49a6782e9e1751c8787c16d00

SHA256
8b7bdc267c6c2c0bbc7ca08f437ccb66c4b92c3dfb7c2828375549266ee4d6fe

SHA512
c2ca7bb9e3742c3b1287c8cf19c31b0cb5044fa528a43e90860d70db30ffc890dc4df9d78cac0793c6d3176f2eeb244f53b9034f9f8882d6b789078f9eaa926a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a650949c8aab99556aafb768d92cb714

SHA1
77be75e260d036320d377a5f71cf7609259df86d

SHA256
7f89f0f1215a3a9f88d0082eb7264f31ec5ab371f6bc57913f60341b70814e4f

SHA512
e215572f6c0472ff6e852ff10c0e4fa26ff1046fa77cc4204146658151d810c3b1b14bce61a04b215d98c63d7a465759d133abd5a6f9608a869ac250d99f8c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cda536a8377c7ac2048da32280aad878

SHA1
6801879e4c4c64b98ce20fd2b698a761763e48d6

SHA256
546956107abb94e624f1b4d5b38399780bcf23da171e669fd2633d3ed983a39e

SHA512
dfd446cdcc6c6f7f517c7d7236f3b8d25aa23a74cc2cb2c36c7c6e6b7d2c91d346b122391caf3c067c0b2ac142539c66d35201509eb2d13a19818d1f5ffb03b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b81c573e3ae91fd06b7c5eb01f682b65

SHA1
e03bf92c5d19686d97fba4f9ff70b84f55988170

SHA256
a9fc010a804c504d9834ecd9bbcb1b6739ac926b70ef56f3d6d0f95574b50d78

SHA512
90e7e52983ca6c554a0640699943078f369fcd97ddd16a8fc9f08e68c75044fe0166f7e27f69e290cecb33ececee62b78d277f86fbf91cc0fc2d567e82d8a6b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
410cc4411a6c14f2cd934d644d102ee1

SHA1
90b3cba43eef776633c9c781d0fe2338666cb4ff

SHA256
009e2a3668f28f7498b32db2d1478d70dd9c5ce85433e71a997b63328b0c2a0d

SHA512
22ec68e7187640421891f5d1358ddb60a400c7e9c059f8478d328b4f3464d9cae58048baf9060166aab66dc5c8fa6a07089ecba44bbb7c41c6022ab8e26b4d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1f3360af4b2a15b5b54f02a632a74238

SHA1
73daf5beba724568f8acd956d8096121c78c0432

SHA256
7004c75c7aa2e38ee99342bf6aba4e83d644bee114ec5fd6f55c5d26ea83b5ba

SHA512
8a62b1ca638ca3470d3f1713812fd48cf425ff78d2ccfd3dd27a51f20b3a7592bd83e00ba276e80c7a16688c0b2e93d7094988c14f43523596466b64d71f9fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00234fe31681ab94d531e5c7731bee67

SHA1
a2e4b4aec659eeb933d395376472f875e89fd5b1

SHA256
c83c5a5577f9de403f949f751b6dbf272f66468680802f256e22a3347cff97cb

SHA512
60d6f45214e5daa13e0a80027107e5a922cd74afb828733d8d18a584e6539967dbc81e723ad28b4c8374a98effbe595ba484fff8e60239669db1c9d897c04dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e661a364ad54346e1e225a024b40574

SHA1
46a3a7499e7d947c9163c5321c1a96dec9b94938

SHA256
9533b2331a06d974435d5cd22ead43891d9bab90cc5db1941ea98ccc98d34eb3

SHA512
4ed696fceb927707ae830e3e6f081a1319628d257d10081a6b30fb325e4d66d62408b7df616ea7660c2bedd0e97dd85f1a6105905336b63eb3f6c794c5f97094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8fc1f7aefd4ddd39e714b138c9b0419

SHA1
01f5b3750aea1abe65b6845645361ff22248066b

SHA256
3670ae8501d583d70a7241adecff6a897de6d15bd758bf70b2d3d934a3edd755

SHA512
4530c8b2f5c9053dd29c3479be8e703b7664ac5e75444106df089d06af1f7df11e2c6abcb7091f6e7f859d4d7f2d5db7dc3a9463f46995a797c8cbe9c6dcf6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
01fabb3df69408ecf86080dee885845b

SHA1
700933a1bf77caa591824cec050ed808f6ada57f

SHA256
ce6c5cca6a7b3fe7bd7795823053a2aa6eb04330a2a4d541a9e9b8c163e5e79c

SHA512
d9e5f1c1d846da7e74c19b5550e81413ae6fa8bed7ed2c9e865059d439c3189bf68894adeef51d3bc8f189a2a191dedf3906c4c445e576e584b30a741ecd8fe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
509189446a87d09342dcfb084f1ce02d

SHA1
275a57d3eb9d2bdb4878671aa45725ef6a99e849

SHA256
a582c3f8a1b0d057ebc349a59f7055d8787b05e3dbfcc3209356922dd6103936

SHA512
038e3ba371f134cf3362d77da62be6ba37894549b80ea5195c1ab0420b8e551ec97dbdd04576d282339e32c299dc28febbd50c5ecdf0106f284913644950c958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
7d82dc24070837a7cf243e643f97a4a3

SHA1
aabe4004aad6ba0c2b948ddebbe24fd0e36251a6

SHA256
40dbbc3fd46910880e1d204c6d1f0a170c9bc7986ef4b1b04502ef688af89eb8

SHA512
827f292e3c943a6015d098e5d8cbc92da635d498b6385da9d5860e7ae00ebacb07afeadad267aa009e563697c6f7bec84a29498d4ae1d0631200da89889db804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5963c1.TMP

Filesize
538B

MD5
78121bdba6ae0629e91f1d86bf305c47

SHA1
51ef315a7727dad1b68d644eb0c02e284221a5f0

SHA256
bcd302d024658ac958ce6cd6a74a5e8d5debc573621d550f4c66e27bff6a3b17

SHA512
bc7a1e147d068b9c5964042ccae8b684cf952d1513cd07358a6f668470939cd625a554ccf9c09490e7f709ccb048aa6da1beb5adb7335da5b4b73df13f9f0fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
938857d8113af4efb5f7fe188cc03049

SHA1
170dd3e949b6c47ca86494b94ccb52d4b3ed2e37

SHA256
214b8efce21232fdcb13c1552653e6433f71a25a797839b195a7caa5224879d6

SHA512
d2e9a00f2bb0a8d2ea6fe41d12d3ba277b130484def73af9ae6528e6bb908e09910b6b4cffd7861a09e3e1c3d085202923a47a1f9bc4d2a00d35c5e6a619da40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
81d55847496002939570881c60c1af99

SHA1
70cd8789284b27d5590674be477f3a4eef4adc26

SHA256
7a60bb6e81ddf1cc77e07e6e1085fb702aa3d7ad8d5864d7c5856a0110828a62

SHA512
3651eaa5d164731ab6a1afc5e88f3d26b10b37f38a5da2bb68a79f173ddc6b624fed2356a30122385e50401457d6d09df1d46297d5d3241af1aefbef60e3fef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ab650e758cf37e85d5f5818a8601a76e

SHA1
66893ccad9bffbfa78304f8fa1401f6ebf65b6e5

SHA256
88532788b0e253923a94215cef0dbdc1336f3d648284d8b2ecde2e9293bb9fb5

SHA512
34978fa7c8bdf5cf489ac40d55db12cf30f042912ef411976a14db5dc00d153aae19705c1eb898aac36c9d024f140b057ea512bd616f7d5a92b9cbb3f01a4ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5048_266806408\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5048_266806408\f04ea1dc-cd77-4719-a977-7de9a2eecaa3.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit