88b687096cafdf364858bd597e9a1077d8adfa0647e82c3943943bcd2bdd8592

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

7KB
MD5

09587632748d3a5aa3c722a30972f664
SHA1

fd11f1a83a11f945453251f0b26460d9577f336b
SHA256

88b687096cafdf364858bd597e9a1077d8adfa0647e82c3943943bcd2bdd8592
SHA512

0f03ef86c9a6ed440ce407a70f5d62030811004745b8baed7976f98ad94ba28f0f1fd69a53f35b8dbd0dc76c77bb6910c70f757de611c59b9933e434d4900aee
SSDEEP

192:3N9X91+tn26xaC0F4vbvB8kSRxd61czgi2wI:9F/+fcj61KgipI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580711408704777"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
1440	msedge.exe
1440	msedge.exe
4748	identity_helper.exe
4748	identity_helper.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe
Token: SeShutdownPrivilege	3788	chrome.exe
Token: SeCreatePagefilePrivilege	3788	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
1440	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe
3788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 3572	1440	msedge.exe	85
PID 1440 wrote to memory of 3572	1440	msedge.exe	85
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 3872	1440	msedge.exe	86
PID 1440 wrote to memory of 5032	1440	msedge.exe	87
PID 1440 wrote to memory of 5032	1440	msedge.exe	87
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88
PID 1440 wrote to memory of 3268	1440	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa000046f8,0x7ffa00004708,0x7ffa00004718
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,424302218294712392,9975350586566412408,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,424302218294712392,9975350586566412408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,424302218294712392,9975350586566412408,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424302218294712392,9975350586566412408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424302218294712392,9975350586566412408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,424302218294712392,9975350586566412408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,424302218294712392,9975350586566412408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424302218294712392,9975350586566412408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424302218294712392,9975350586566412408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424302218294712392,9975350586566412408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424302218294712392,9975350586566412408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424302218294712392,9975350586566412408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ec5bab58,0x7ff9ec5bab68,0x7ff9ec5bab78
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:2
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4180 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4104 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1588 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3232 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5128 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2432 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 --field-trial-handle=1976,i,3040744141025429800,14072330799390969892,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2204

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3beb429dadc77f0a8508ea86a1418776

SHA1
64f04f138c3fe6758bfb4b5fcb4dc8f76d17fd9a

SHA256
11f02115a631d95b079dc7927019de3439f34eda6acf54a24bf5e9f4e78ca048

SHA512
8abc7118cad66653b887bba8bdacd0a0fce47ba4ebe70cd2127c10ca259f334ad31ee4b2e8db8e5dc59b61c9d88c58cd026f62847d6067cbbc2cf1d29745ce26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
837d8b8c94201cd5f96b730eb0da4e3d

SHA1
a51ec928f0ad11e64411920930fcf31712379911

SHA256
aab52964c2167279b343cee839d643a1a2da58fd03eba3fb5fcc778a6ade35a9

SHA512
92c1cf8edf223afeb015fc7461380614791cb1879ef9c71288aaa351140177523f26f45487148baca61170512cff53ea7aaa764573762419626ece2aeb4ddb2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f6aa11901ea6753a1109b6d8bb0c34db

SHA1
de5e2ec1660db3191cdfd40295c1eb52803a9d56

SHA256
4e933b30f9bc16bc0f01f1c809404122c43371dbbce34cdc1cb0e54b90c7f40d

SHA512
972e3fc1149cefd92a861d6377c6090bc8b9ca4cbff2e47aa136fac04639d136bbda38b95f2b018f623a6f5eb3035b5e24f207e7e52ad9b5f2e3a2e843271daa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
09087dc1ca241563b4cccd77aeab120d

SHA1
65b8e084ebef6cb50f339a1fdd9c7fffd593aa26

SHA256
d348dd83e94a8a0c012108a2d58b1d18b3df70a7a3d21a1bb6ceda61f20f450d

SHA512
d926f14bd72b185857097276afe02c28f6f682677223256505d707842b9f7b8379b088e0a9f40506b335aa2a99e4513d0f73f0437cf9d11ad218266f3695726c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
11e4d26d74a2a0cdc8cb237d67b179d0

SHA1
9b17aeb74d80ca865648a3a0942c21ff680b6d4e

SHA256
4e004a41f4c080151ac07479de94a99c913de1186a8f32633bc08d56db5b23e2

SHA512
a017d5d1bf0ff2ec5561e06f7508f21bec6aa491761ae6863d3c757aed234bc9eff02c8f6af46e8ec0ee0e644851cd17068b76e29f78a32f433898318807ed14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a34caaa69ee00cda75442257dccf741b

SHA1
b244ad6970d87db08136069215ec5a535b191a75

SHA256
1a34449bd6956a5b76cad2b5a0f0f948e3b7afe509201a1ef7b80061b136e1b0

SHA512
920e28f855bad0eba0f64998e560318ec94a705b9ac03d8a2689245f2d59dc87dac9fb1613ec9bc06782b8f4ddf47715a3e9cbe7bc19c9ec2325a28dd0a1f04a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f4e36f4cf48a6dda87a13e2b2be89b6a

SHA1
c7ba9aa3aed9d4fa9d01292a15d6278c0e0cbc61

SHA256
5f3dd7fa9c69e9bdb63d339f8fe3c4a7b5d11700798d61bb2c01d9091ad0a870

SHA512
0b12dec9abc2a89be844a718ccfe09ea3c791527d0dd76ec2014e449d266979161efd5b97d627a969b298119f9827f6f4d253c409df7749264abeff368272299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c157157af14b9e71743f43db56fef686

SHA1
f1c2abc18845cf62fcd73d526567c229340893a4

SHA256
5db81cee1263000628c9e33ea014ecd4ad2273723acd7c40e414db5d9d76809d

SHA512
c12b9e0bfbe4f1957941f5a4b93dbb68f6c57004c9f6a16b1db0abb91b042a6c9e701c83abe3cec3d28d4726ebe18d71ccdb09f158f86ab7dab185d706d70c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1f94cbb7b21aac0d8f79a8d33f458d95

SHA1
e641f6aa78e872585853cb0bf15259bb6214ebbd

SHA256
035cdb03af1e85dffcd50641696cdf5b9021c7bdb5edb7039921ee3fe153d15f

SHA512
8535d6003658c3acf2e339419980cf46eb41f0d1f92baaa215ef9e1570de74eb682c3b413bb099d01e285719a9b5a441e05d0c59ae5d360932213b3f28ba2b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8e4a81ad8bb18efbe1a7ec4c35056c06

SHA1
19aa79c9ea6b2c639ec48667e4726f838aa81311

SHA256
57d83fb1ef9e42d7cb6c3f93e97e587b57353e41c87958db10091a8e2f812ee3

SHA512
ca59b9d8a4deb11c616a50c4582d4dfdb9f88d56332ca30cdf92f46bfda7bd97baa474909c12dc552e8f7dd51d0446084707b4626f303dfa01b2384cec26ded0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
7beb6274e35a9d646190472d28ec0f25

SHA1
ce04758f9a295de10647dceaa18f93a14410af03

SHA256
d2c8ebe0e304d4f0f9a6ad2c3eabfab338b877c7f811ea03a17f271d95c08126

SHA512
92db32234985701451dea9106314cd6ed1b3c84e4e530f12ecd814575e95c8853af7e54ce63a6ae64d447ee527b73ad3211e223063d1e5e7de14559c79ef5df4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
6873bcd0aae0bf54657f08c1c8ab7454

SHA1
f3d23f9183758012c85d671ce76b219a598174f1

SHA256
525ca2febc1eee41663a94c882d5a06369f33284badd748884da5d71c1e7f23c

SHA512
59feb6332a7103efab8ddebd36129404d03eebdfca5c31aea9d0048fbc69cede66de27295701fc8f0dafa6932256297114098ba6d82f16692a0fcf8293435a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
dbdf9167fbd2fc296f31c7aa3252e562

SHA1
80be8414a54bea59538b5497c7219bf471c015dc

SHA256
af238ba0656fd71fc6f0b4298787eab48c9cef95007ad08e5f5b80043a72dea3

SHA512
8098d7d7880ea6c01a627688ec9021a7fecf6b8389280f005d245eacbdf4712e1e448f965343d5c762528e6cf55676d0896892a16cefc1081c4144e015d89f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
255108cf64625d7051c2e304d00bf3fa

SHA1
ae3957d36166e863d6df1d5340e98845c5b906f5

SHA256
b3f77f09d356187579e80acc8719389b53c4511e4fce3c062919270c75c5cada

SHA512
ac6d10222396c2ac62933deaa9f9b94efeb55d1bb484b70897c0367a26e08882622edfd6b07e3d4f11da83fb51f01de4be449f4c08ff44101f3e170c3fcc3c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
274KB

MD5
42a3eadefa1cc85a20a053025c72e48d

SHA1
345e308343b6f8fb4992edb17ccae24f44a55bc6

SHA256
ffcd874acfc194e524de50d88b0b2f97d8ab7ed4d7a127ac3983499d11bb8016

SHA512
e68f8ea24fcc2bd4b417076c09e7229c8ffbdce3e2c07cc7d0a2a4fb0a1ef30de82bb649896c0a387b2b68da7a6363680ae129a094d7cab95a6824bc75e72475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
e07e4e5b9b9c426b48b1f6183778e586

SHA1
6a8a1936562d9b3d45a0cba1e2f4e8a54a35cff2

SHA256
ea51e35852d8bcc35f2b60509f8b53477a77d1a05e99254a691f400e0bb21b5e

SHA512
aac6d81fda556f70fb08b0725dad04dc2a855f09072337c51083d34ff02f641ea1d16ef72123b880fdeaf4be6b922b277112f619efc3713235b94cc2d4bac183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584428.TMP

Filesize
89KB

MD5
9a60fabb5d680865155c80d1cf1635e9

SHA1
e100e1b072ee3da0ab7e32550fd20fbcad0c4faf

SHA256
e20412bd64fc74b6726700ec15a30de292c631768068da88726e2a6396345d9e

SHA512
0fb842a95545e9a17d1e9864e3f735722cd624abe5c9d956df2db82a515fa0976dd3ee711fb3c0c6728ba241b5589d96c0f57abd7c93fe4dbcd2c1165af39d5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cff358b013d6f9f633bc1587f6f54ffa

SHA1
6cb7852e096be24695ff1bc213abde42d35bb376

SHA256
39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

SHA512
8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc629a750e345390344524fe0ea7dcd7

SHA1
5f9f00a358caaef0321707c4f6f38d52bd7e0399

SHA256
38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

SHA512
2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01ed7918fdb118c6a504c0d8cb10b15d

SHA1
c9ef93793cb6ea8cacd1bf4db9ff5a5f64a44567

SHA256
8867823c21f49502e49588888d0796bb72166e3b80c1df8bd41d1fd3adea31bb

SHA512
95149f7bfa0fb75941231c65cac9258b2a8eaecc645a7bbe2016799aafd4ecca6aedd3e3682f95242fa4aeab3824b9cb302c8153e99e18781722d933c2ab9b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a845d821f55456f5216f6ac34e473a0

SHA1
54a58aba8acc5561967cd2b1ab2c33c2ff472ef6

SHA256
a3513ee1fdc215137d025ac48f35d3f879492d2f6153c25238bb5942fea4dd6e

SHA512
8d62c61a58e0e4d538309410e4a3e5d17f3d1e1bd13ad5d2997ba6d49fb15b334073d6a85d499995ba869736452521a4c59471cfbba749cf256ddc5875cbe7d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99a0a29b41df5912557ae7630f0bf8c0

SHA1
c1414c27505b15bb6c355ff469fb61338da39437

SHA256
da8d3cda53da3df13048ff2958ce24d86ad4ed1017fd2bea27873fb399fe38a7

SHA512
70c75ad1e87c70c074032baed6d492132518bb8990fc0f1079a84c3db947ce5919e7842b5c4ce62690d0d40bf5691dbf9781816c77b90d76aa8870358fce6fa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8e80b88950aad4c32fa0ca3a5159d35

SHA1
41c1412d4486825caf21723668e815dbd14d88c6

SHA256
ea79ce3701d7df521591e663c232e248c935acb857ecfb2f7e37289617876952

SHA512
f61afc23bca0b8cadc1897d719803f19b97bbf0ab604b369be23db1e5d8d9854032529c206699cea5722f6c715be161e7abadd6bdd78608ffa27d10c06777c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eec0d5e15960a055ef6c4af709e6eaf8

SHA1
cc9c6111a9572a4449536d39658ae21a42281bbd

SHA256
0f5cea88ba8b6a4d253cef3dadd8fb3d51c48b61cd27653de0f8fbb72dd11c32

SHA512
5ec49602fec93e7ca4904b8692bb218e7b5f5f0907557757981909c21acc0720a980b862abd546d3e47ae0a46d954228bf94d759953e378ca23ebe6a6def8862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
977e26f11ff5d9df8d67661b028e45ac

SHA1
e51f68d6584af2bdd16ebcea1d704feac892bc6d

SHA256
8f74e8b867529550cac07210787e862a563b9166a63d3c0c5ebe2be46b160723

SHA512
f7615125fce36a455e516fdd36fe489b802736802508d79a7844d333b0fb69c36c5d687aebc8635d840cb33e527eb3a9856eb3d0d2e5ad2f2c11c6f33086703d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
354bf20e21f94957d29e3a9a21f7305d

SHA1
b5dfb3e631998f2a8a3253d7581e8b028307bce8

SHA256
3af983eb2212d331135edafad0e20800a29cd7f453678ef9b08e090a2fd05a90

SHA512
fceffc57d29a548bf6db782be3950d8bd05cf844983522e086639c1a4e53602c885ebe5c388b0df8dca459933fce334daee7fb6d335f5a83abc39b60c0b96227

Download Submit