hxxps://www[.]roblox[.]com[.]by/users/168392121632/profile

Resubmissions

09/03/2025, 18:22

250309-wzzgcsxwds 10

09/03/2025, 18:18

250309-wx25gaxns2 10

Analysis

max time kernel
129s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2025, 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com.by/users/168392121632/profile

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133860182004667033"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
2008	msedge.exe
2008	msedge.exe
4532	chrome.exe
4532	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 4784	2008	msedge.exe	84
PID 2008 wrote to memory of 4784	2008	msedge.exe	84
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 4536	2008	msedge.exe	86
PID 2008 wrote to memory of 3740	2008	msedge.exe	87
PID 2008 wrote to memory of 3740	2008	msedge.exe	87
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88
PID 2008 wrote to memory of 2052	2008	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roblox.com.by/users/168392121632/profile
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff78d946f8,0x7fff78d94708,0x7fff78d94718
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,1336518223396862035,3272595795060130939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,1336518223396862035,3272595795060130939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,1336518223396862035,3272595795060130939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1336518223396862035,3272595795060130939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1336518223396862035,3272595795060130939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1336518223396862035,3272595795060130939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7896cc40,0x7fff7896cc4c,0x7fff7896cc58
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1708,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1704 /prefetch:2
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1372,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4620,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4484,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3420,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3160,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3556,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3536 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3548,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5536,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5408 /prefetch:2
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5436,i,4864759840233857346,2118929762449192475,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3828

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3928

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9a50c90c039b64db12192e58ba0afe9e

SHA1
76c3667189ca98e0e613b195e58e23d98981d453

SHA256
7ab43936fd6634a3e3e9ab256c2ad68b392ef3d02d00c7e4ee530e30158fc30b

SHA512
0aa1eeeaee24e109399393bbc42873ff6552783167c1daf0d094e0d57b0aedaec41721079ccd5df67452a825e8322ff6b9ae2208a2d981d013211a1a2dfef4a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
cecba07aa0e63309c31b4ad648d561de

SHA1
db280a36882bb70fef16e389ffd0f96c44013b65

SHA256
2458a3900df467216bab4204a636ca69f806174e9ae83cb871cba47fac9752a6

SHA512
f348d86b172f4ab8f2f7e4d5eee2366835b185bbe71961b21a664e5bd15de4f5ef75911c9b2034e50055ace708ecc4341925b7ee0a0e4eebfee536ad75476137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
e77655176b19df2bbcbffaff6e66c2a0

SHA1
5bc057b3baad88ef31d1df573b2cba62970704b7

SHA256
597018eb5becd85364cdb984c1b57efb56b40f99ccaa58f1a8528eeec802bcfe

SHA512
c27c4efbb6bf72c7c3e34ae0abfb2093d9ff2dc497b54f4f4ce4f10a75ece31ffb4d1d5a147924335f2f9d1a3ee8d19903c12b337919c2ad885f3353a21546bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
476152050615dc5a703e7b5be6644dd8

SHA1
38b1e21edc9b331ef39080284d34f01dc4a37571

SHA256
dcb5393a3e109cd1af032aa49c3ad21c2bbef78f298e2290da3c3530d64d94fd

SHA512
8bfb165594bb33c3622abd598488ddc4e17f2798e9b0adf4bc48dad075d34dd1e6f89ba3769a2c7d180d88dac4a523953c561a45cdd389800d1d8eb7b6d5ab74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7eb59e581973d3bfba4d7178eb039304

SHA1
6619efcf51b73f7f286df7cdc0c21ecd42a3ba1c

SHA256
afe6aeecae2bf42fef941877b464f3d435e826346d2ff90d081d1e914e25cb51

SHA512
2480f9a97ec499bda86055aedbbb342d1041ccadc02526db91cab1d4fb7352731dcafb4337fcdcdeb23e3c89bd465b59a510c000049f8b6792d411b4a798fbad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ce33ccc7840294ae7c976d3e2f5f8d26

SHA1
7dfdaf1352b11a4eeb8c3ec1e42e2b78b7fb8e00

SHA256
524ac312e6fe2c7e1c5bc5352d3ed57b055c1e881bc5815dc304fef0313fffca

SHA512
d366b452956970c2701c6221d6167857a84f724fdb59d252003c0cf6ac836427b7dc6eb5b43de2e592bcab85c2387c4df6bceec2f2a11e9f8fd984d0a3c967fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
259242431f30a21b8d7f389dda4163ce

SHA1
abadb84bf70eec32c7e355e92b021bad0d2ea31d

SHA256
8d5be830581258d1aa366e155843751070b7f2a1cee1e37398fb61c38f24cfee

SHA512
4d8e2fd4e05ca23be02b261201dfe51a9703b915dca79a5871039bf7dd1a59be0f35f3463f79639712e46c15ec6b90c54e07c4b0452afd44e8b5996dcbb43e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6ccbf7e6deaeaa11b10ef6babfef4a7

SHA1
1530c94ebf35dcaf42b291cd40d19b89a48a9b16

SHA256
2fd3520e7c556f9f25f3b806d97db285320c17588b8f63d554332e5b848364e1

SHA512
1df1fcb5fa5663abcdf595e8ea7ce92079ebd1b9e6c881b1bed3438a7a3ed4a732d3575e8b7a64c854dd6674c8f42dafa5d9152d45e0a36277f9f15f940e110a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a2f8b28bb18e5838b3209503d90bcce7

SHA1
d5ae62c6e42a67729faa3a966c2a424f65fc38dc

SHA256
82997dc90ffea2af4214c0fb2df189ff67096807f19e3bc377e0f55552add5ef

SHA512
76255d07f075ec7baf314794872b151bccd56be80b0a4d8ea7817967e1a20016e1266069a2bcf739972f57ef0d2cd336bdcdcca57b30249dd875e48d1ee46c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
432f092b0a143e985bf5eda504ef9bed

SHA1
87653d15667c909504e0cd0a3bb2672a297a3aff

SHA256
1d777741ea8427f1f8f97bfd2462510857f63c232c6bff96a933046ba57c653a

SHA512
d43bf8a2f847e49cf4513ae9aaabf084014780b7a74d388bd01792c035180702c64beb12efeef6edfbdf4966e29a1d1ea6ece70f43bd5584fa0ce88a9b5294cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76f0f3f5a9c01a2ab0d8613772dd9641

SHA1
31190785f89356bebc142fd2185f01b874fa5054

SHA256
29b4c537c4480ffa3c8c5cf39b6d70905253a166b0a54d8b197fdaa0b298f5ec

SHA512
b5ca3443089d3e45eeaf5d1b16c16dd471a2d1aa8f4b8f32db27eadf123b1ecd42585e03761ebf0c667eee2d486019077edb4fe920fd4ce79a84d0834aaff19b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1adaff6567fbe72b4728bbb5c10eb737

SHA1
22f4dccdeaf880c92801e6b207621fffca2f6292

SHA256
abc5114970dc6f4907395ddd0a9584b5d8f9860909605d8576db5db53285ff91

SHA512
6acd20bb348c2de8ff012b7973d81ae4454b700ba5e0a57f991660f4d4870f3852e15eafd014d1442839c175bb6a83aad6bae736e6a79b1ce20e63c4c2fd70ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce84350f645849bc8534a312c83e1bc8

SHA1
626a79074720a2a622149001deff608509ce65d4

SHA256
5959d4a18e2dd22e6616be449c3fa55bc2d66e0f828c5a3589f05532db9ca363

SHA512
3bf8f0c1ffd3a93f6be9627500419b57d40ce37e72fab2ac1428158fcc834095ea682b252691125f75be005ab38fdf56a61698e2fac86b4a16d5f4ac89cad433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7064346f36cd0ff09005f3ab2473e605

SHA1
9c85ed33ca36dd1ded994d6619a498565e6b434d

SHA256
1c402d08969e25ea231eb3967fc779290ad0e158750f437a35398170c50816df

SHA512
a355f7e69da7ee519a78405404189488906db8a40c0bf5196bfe7cbdaa680a8bcfd17450d62eba5324215cb9a742452f9c01d00853bdf27b779279c96cf3faea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
455879e3a4ba87c588e87d6032220148

SHA1
c9e6e383d1d9f942d34f929fe77ae1e029b0c078

SHA256
b75f43875a7c9ad313d5eb762fe2bca702da2fbbd9e10e5a118bb37606cf87d1

SHA512
c6b15198e6f9a1bc539da146b3c6a7d74f370e40512830fd3abd3cef144e2d53e3e19d507804804de8dc7ad5958c386640aebf776d14a96d0deef8fa6347e439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9aa5cee09e46a29b937119a5b259515f

SHA1
3dec75c79f32dfccda12eec7b3dd452b57ebb460

SHA256
94e0b539b55bb3fcb4a39088934bc949265f5738d24abce1dd81c9fd787960cf

SHA512
20eb17fc5d7f28a1626ea1da7c07f5ab79ca9f2a42f0e1d9116bf49602480395007ad2e83520440a69d7eb5f75d97a63c192843f895321149f9703210a8dd6c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
93fecc4ae475bd71ba891e7bb6d2b971

SHA1
7363fb2017e7d927ebe7a1d19bf9c6d7c1145445

SHA256
e40e0d5baefa6aae3701876b0263632b6e2c77f7983256118e54735224f0a51a

SHA512
e8f8985a748f7e09154be5e2da2635e63770521aec711242ffcaff14d5536bc1a7734cc70cbd691f5bfa235dbde58f1f8b330336a0aacff999fe7e03ae7013eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
b5394028754fe065a17e744d4028ceb8

SHA1
0ad5425dcc9c5b27ee24ba5ba3b2489b8eb721b5

SHA256
314000899b5d92e691a2c197b299ce814d0c27643cbd94106189d99f98cbdc05

SHA512
24ad44abb6a62087fcc41e7780d184cbe3d5a5a037c55237d458d5a23241cf6e0cce73100421bbe477487f1ec2a386c5bf324f03c4f3cb09ae5818c32ec1fb33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
0b27bf0aeef74c72fbb4af80c895b1b7

SHA1
831afef318ec090ce7d5734abb4e32bcae108a32

SHA256
33ba18449c7363580b188c89787ff84dc7b822794cdd9d490c3dd18372ba1867

SHA512
fdd794b1557b05585447394a5c3447fa8eb03d86d23147df0bba1f564ab4bcc5162ae83902d6d3345b11bd8aa7390fa0eb7e66416b003a1629efc07c05110b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
ced7edb120d0d67189ecd97683c0beb6

SHA1
3b962f8dd9c81c3617162d1fc9561cea24ee3e42

SHA256
becdd580577fbf358d77774b888e1c069a2ff4a26e596a3c956bd52b24591571

SHA512
fd17be336a72cdcca497643e086689f17e8d30914953aad87a99768ad6508717a4241834cbb5cd45ddd0cdeb960f9373de032b7b454bf7c321bddf28705862a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6738f4e2490ee5070d850bf03bf3efa5

SHA1
fbc49d2dd145369e8861532e6ebf0bd56a0fe67c

SHA256
ca80bbae3c392e46d730a53d0ee4cfecbbe45c264ad3b3c7ee287252c21eaeab

SHA512
2939edf5e6c34c9ea669a129a4a5a410fbbd29cd504dc8e007e9b3b3c7fbb9bea8c14d6177ac375d0c481995774a02d210328569231cb01db07b59452333b22b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
93be3a1bf9c257eaf83babf49b0b5e01

SHA1
d55c01e95c2e6a87a5ece8cc1d466cc98a520e2a

SHA256
8786fd66f4602e6ed3fa5248bd597b3f362ffa458f85207eaa154beb55522348

SHA512
885b09dd3072921f375eedb5f0575561adc89700ecfbe999bc3e5ea1d7cb45e19d85c5e420f2c0a12b428742e1110e66f4ceecbe5a6badddd36cc9e0aff48e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
49d7e11a8ded73d7a5b6c745c18f4099

SHA1
11ff15b2181861405d92f8315613b34756e3f4c5

SHA256
5f5b380147e62ced2c11180bb277e090ef2e6a1a7a4b6cbd5e8c1f1577c7411e

SHA512
dba72e0a3064cd4295fadc8ac577c7caac4cc7fdb31db39a4138119b85ced927d506859545fec615fcec9403801778cb3d1eb1a5c3dc54b1d58b1bdf5767bf8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
403B

MD5
db52f0a7b4e865011e624a50d91f1d57

SHA1
25389a7dacf19dd6e5b637d6eca039b80f842c61

SHA256
5503aeb8200af2a8b67a37d124b7cf9ae19dd24117dd9f960d2c56d5b9376998

SHA512
4259f5034eb55c00ad0bee928cfabdef50a86e67fd01d38d12b93701ef803c6acff031bba5bd8afaad209ce550de3c3fb6daf1b272f28606eebabccc7736ec8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b648e565e056cb6b3cd48f5f19c77d26

SHA1
67bc58d335365174ae900daafbcb75bc429c95cd

SHA256
c1812f4762aad292042547bcbffe9971f21cad4948901adb80c72ab46b8f88aa

SHA512
88de11eee4e5aed3bfba4e7b46608cce8caed074a46f33a71423f9b789c7ad556eb069334270efa2ed2a9690561be9829ef82054b609483e39816bc63918eaf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
02c7a03a4eff610cdd5de73ec5d15e1c

SHA1
6f58b277e14a9d97711e21975711d48731325f08

SHA256
a875ff29637fed19f5e1f9268a194063f0c148c4a6d879488c1c55320df67b82

SHA512
080877991e926672d9793f053892c8a77395256c1f78d9bdabddb374b08347846ef89172fc3e7e0473ced1bd95766468c26bfe8de04ba0f12d3aa03fc1672a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5b579806ce000634e0a3f779a362dc20

SHA1
21905665e50431b5abd0661f3d9f4c1c05b372e7

SHA256
8ecd2ae3471f292888f3c95a5c87c4b97d63bf317179aed880763319d0a6d1d7

SHA512
d3aff8e55f79623059ff5d68755378ba3e315533052b1a3289f2c05883c5e23f8373a0d34940c36b4e036bf3aeafbb685fcf450933992911e09851352f459366

Download Submit
C:\Users\Admin\AppData\Local\Temp\09b44b0a-5001-420a-9067-7ac3d94dd8eb.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4532_1637572386\3b4fbfaa-ccc7-44bb-8463-775b7a7f14a0.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4532_1637572386\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit