hxxps://chromewebstore[.]google[.]com/detail/oracle-guided-learning-ed/gjlnedceigegbbmdnjgeebldeljgmhch

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chromewebstore.google.com/detail/oracle-guided-learning-ed/gjlnedceigegbbmdnjgeebldeljgmhch

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592019168300875"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
2508	msedge.exe
2508	msedge.exe
2388	identity_helper.exe
2388	identity_helper.exe
2980	chrome.exe
2980	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2508	msedge.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 3608	2508	msedge.exe	84
PID 2508 wrote to memory of 3608	2508	msedge.exe	84
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 1556	2508	msedge.exe	86
PID 2508 wrote to memory of 3900	2508	msedge.exe	87
PID 2508 wrote to memory of 3900	2508	msedge.exe	87
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88
PID 2508 wrote to memory of 5040	2508	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://chromewebstore.google.com/detail/oracle-guided-learning-ed/gjlnedceigegbbmdnjgeebldeljgmhch
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7fff855746f8,0x7fff85574708,0x7fff85574718
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1858451258100870311,9191431968258503710,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,1858451258100870311,9191431968258503710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,1858451258100870311,9191431968258503710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1858451258100870311,9191431968258503710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1858451258100870311,9191431968258503710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1858451258100870311,9191431968258503710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,1858451258100870311,9191431968258503710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,1858451258100870311,9191431968258503710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,1858451258100870311,9191431968258503710,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  PID:6024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff73e6cc40,0x7fff73e6cc4c,0x7fff73e6cc58
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5020,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3168,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3200 /prefetch:8
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3344,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3224 /prefetch:8
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4040,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5204,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3148 /prefetch:8
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3372,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3416,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4032 /prefetch:8
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5148,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5356,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5240,i,14477029120327329567,12408545821321052907,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2876

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
493a284c064ae7aca4b7fb48195e76b7

SHA1
775544b9274891987cb6e1e35338702e27c35bc8

SHA256
cedda40926c44cd4e4aa295164b006283162282f7dd63e1fc7acafe88cf76aad

SHA512
c3a3d81d40d08b980f6b33c15d92e602f7f5cc1c67369524ac8fc2e1f2d3d111661125de0471792a4af0d8a6841dd1ffcf5a1ad45a55bde84319cd1bc460d27a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
1076ac716216132322d194fb6c08092e

SHA1
2459852fb314628baf5a3a3f083f7ed18cad9999

SHA256
23d1a329f05cc1690b2cfee29ff1841a91f963e45a8f25ceebcbfead86940e43

SHA512
6a687d4315b653da8b4299cec3677c1e8cd431e782e9b1a39a9fbf3dcd0555da68da61dfcc8f7fa30bc8c194b964b6240d05e8d4d91202395883b5630c6753b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8a80b28049206aca12169c7c3d39142b

SHA1
8ce191808f4e411f64eff13d6d70ef7f23dab3ff

SHA256
079094209b1b41432e4a811bcbd7d85ab165e807e7d89bdf3ca487720ca70560

SHA512
d78990666d85c1083c0217b64c883cca41f00f5b8851e4113c47e3f19ac441fdf8827544bab538002b7f17a81087f6bdbf21cc947c6fcd7b85e77f62ff6e3435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
09f1c8b85f7574c76f4103aad5394aff

SHA1
9c267c01dcbe69c136ed4ea0898b9e0fbf58810b

SHA256
fffb6279025ab9c96e61dabb290922d3260e81e005b744e7cbc38c0b31dae720

SHA512
7e0a19fe7b3bba11bd55af7dcd5b275eb71761a8b3de4a43ecdb84e25c5ec7be32da8f84cfdf8cc2a233e40fba9fb352b454487b60c4bde193b26e904c1d1e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
59bd0c8089a5c462b3c5e965f79c2d57

SHA1
817c195e15179bc76353d8e3b24d979328ecd934

SHA256
b5dfe4030a4ab50de77305cdfe167bac0fd5457cc678642ecbe3bb5b88784a05

SHA512
646a293c00481672b96c4c141e3fb6a4b4ee37309036769c6d1fa29aa81e330112e5989609d215b5ffa5997a3f386744892c151d90fc7184d23db4d04509869d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
145071e58c2cd0df01b8f76bab50b89d

SHA1
c0e93b7cacde02ae8f3f73455f60b4e16f04dd56

SHA256
e086062b9897412c2c746a857ef284945031de55633f256bc89ea27f575518cc

SHA512
42ac605bc7e8e937c12c5886217e068f2e4fffe34b626728d8fe2cc2cd824dd405573cb65da38917f29db3a601813a19195776ef64b37a1c5eb4e12b3bd24bbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ced2ebf85d4b1b58b5d851bd2a49081b

SHA1
f5783c32b20056af0a0009b88495309da0cfc1cf

SHA256
c8efb1496ebb938a1b31945ddc2e092e563255f0f1df5bacfa6fd9a6319bd4e0

SHA512
9fc33e90ebf268efc3359cd62319843b7ede1cb454e933252f196644829d4113388052c94c79e222efc5dedd799bfacd3e7f96a594b150c3a4c5c536e46995f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d0f8e81eaddd7657d85be71848d0c42

SHA1
fe91f593e5e1f82d518bee91811d49cee02251d0

SHA256
1dbedea1f04c18055729ea096399cb3992a842279defdc94d87229fc713a42f6

SHA512
3e6fae7b46ba9cd5494abe8eff4e22fc4773b9c1855a5de008dc86332d75099ddb14259cac309064361f1c691ed68d2c83289f4618464f90a365c0947b3f26d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
599b6488f32131e6f9825e0f6c2545ed

SHA1
dad9f0b4c1361974e4ae59f523df2c4ff8cacf01

SHA256
98d2d37d12c3a0e094658f974ec271d636ea727c8b3feb3c949ac086ac64b1c8

SHA512
54938baaa3ebae85e53b14a9bcac8bb056194d573c3e3289201fa1bf5d384363dc3dc3d24f3ea16377628010a81cacefaf7c29357e64d6a07b091a2cf70dd4cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5225c9eafbdebc254cc0d011ad5b5f90

SHA1
948ee5efbf40583541100bbc7fbc075e2f5c3e72

SHA256
b32e0206354bbdd911799ef0ae017afa333e8dc479c5e4984966f42bd8463d91

SHA512
e5282d8edc8d2082d55e294934e979b4fa9e1128ce44728b964069e1bac0f83344fcbc39e70481993238f42d7ca0255f813c85b5a4f37c46767e94ae46f32b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e14afb63b39ca5adf4a054c7502ba042

SHA1
266c5163f375d3e8dbce02ba9945631070ad7fec

SHA256
b947e4183def0ffc9d0b7a1780b667c502c256e624b5e5ecce256011ef7bc265

SHA512
c574f05a4b03e7c7d26068b2f06e8d9d0fd2c31d5843cc5c5323320086e2c723bb8566b0e48a479022b07598c342455c0248e8c337d7453eb70f7c06865b3b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d392b0b89d4043baad48d88bdd6d293

SHA1
396b2f390ee656549f78b986176be971f1a9f7de

SHA256
7dba1ae8db9caa1e974cc4794867b1dbb886af5889a3aeb582f936021021f572

SHA512
b899ed4f57ed473ef35cdf96f33bb64bc3f4afe59fca86a6e501f0f11f61c2eec119a1f5ec2b550f348544ff7645196891e76465faa5e81777751b13e00ed3a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3cbe2c22ee88e46a3cf197ed3e10e214

SHA1
36f67ca761a348ef986547ffa0d60247bad3fe9b

SHA256
ecc0c29cf072db78b9ae14a7f275c5e7bbe0ac0e7df01756cbcc2f846d84f157

SHA512
f5ec96dd1934233a2166cc2fba9b351910d73dd6d9612fbd9e5556f59d763269d9acf3490eaa4a614c59be30562a0eab48de2ea4ff31296698081b498b8e418e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee8ebee71cf4904429f7a6e016ba9d27

SHA1
ebeb12d95f3239bc3a716292af762a0ac8a699f8

SHA256
22a582a2f09a0b30aeeef321314c7b56b05dbb0c336b7f629b47b0f220d604af

SHA512
48578ac04f8d1bfe2fe952bebe3254d662ea9d8797dcdd9b877fe15796531d11ff2e2753abe8482a1c734c1ba7c2b6d01706753b91313ffff98f54ca2dcd8d3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1afee9a562fc5a50ef00c6a76b8cd02f

SHA1
d2a74a082b3b64bed9ca15e8b2098e470fe65f9a

SHA256
8d31d7380105701eaa01161d5a2d0e822d372ccf62194e563177ed1bdcd975d9

SHA512
44593ed6b899fd411a5402a10f0c212029ebaffb8eda1df660e8a629e59d8aee128b5ad4daf42c93727eefcc2ac13db40eab03ff644e3f043e178361c9901ef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
b476c97fc7637aa0f3b586f6a636be23

SHA1
5dbecad26107ff454cd6a4ef951b54c182486715

SHA256
ea4642a65b3c8ea72b7a4f905d6d9ff961630cb85c89f18c2d5a2fa3c61d48f3

SHA512
433463c936e6f086816f2e7a6b4a9e542def2c96bffe14ec6b4cb93427641da0130900aa01952abf60933cdae6d1c39013490bd70fc9d832a5ef94a0567eeb46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
aafdd79ceebc97bbe5f4d91b18764243

SHA1
054944e8602815ab7e527d90b93a246b7c97aa94

SHA256
32bac5d48585ffa6b35b5c94fcd49cc7bec6adbf44441ee7a691fb180d505eaf

SHA512
a6bf76382401d6f7eb092f2e068a22cbe78f271090b6f1fc63468fe24b664a24bff15884b36e756dd31321731352a4669ae4e1bd073ca2c2429b9709f7d478b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
e5a9473baf9628a2357c5fe6d0874731

SHA1
8da20c1f8030ee44d0dd62ee87e3b5e6a787c5ef

SHA256
95589f1db4651a12f1b4726d39a82b3ae5680df25dd140da269db2276ad94508

SHA512
1dc1d76f78313181e1d0524107ed1554955a9dabd7b2e97ac24f43c83d2ff2b9d211f45e0bb77786aced09a7d63c7c1fd2fe9c43ea5198eec5bcbadba775db32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
b3c51aa167a9f55d49bf85ad3654433c

SHA1
0ec9fbe1b4dc9ee4f3e01a8f0080266b68046a76

SHA256
057f3b7e25c75653b573738d775917279eac7575e38b7ed3671dfb766a8a996b

SHA512
960439e3702cecd63dd917739a067941941c5fbecc51eb8f650127d95ffc12943d816b0956ef85e8a05146071f1db5be4112afa8cc2b1fb192cfcfa8dcaee24b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
03c792dfa3556172af33280d418479c7

SHA1
bbb743765758cc13e3f2d5c9a0b29ca8910473ee

SHA256
e6970ecde2224c9ba523bdfab5f0b68b020268615d448e6c7e6a08b65fe9de69

SHA512
88148f3757dbbd9c409c1dd475dc95490bb7233e870c97c109f86f2108b395b90707262ece2e8bb1c7d25d741e58a13a27b465473030147e6d3f7c0c848e2699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb2a1440dc379bdd3b57f457cd26d40b

SHA1
8bf8af06359092bbffd30be398ccc407939f672e

SHA256
132a7f9ef5d7df7fb856c9056d001fb77946a3256e092836775079b41eba759e

SHA512
931ab82618e2bb7f0c067d1368a649f4362253c2f5f498e08881661b880e77850ffa45a4ebb7556756fb01bbf30b3b925f81819c61bef2029f8a9f1a7b8355c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f30eb3230b09a0ea191296300e7e482c

SHA1
e3207dbf650fc58bfb2e7d992fd237fd6a9437c8

SHA256
ccb23002d4de46bae9dc870f1b29c5efe33b5175a9aa253c0c7f6e20d7ccd104

SHA512
d376b4d63b31c9e2ebb5c6aa86ac9ac60232cb7a5899708d3358f08641783bfdfe63307ab29fcf1cff73fa2ccf8bb6ccef338cb168e7c35f88659cf553b9ae7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c6c12f1aa08cf0e88a584e19e3c61f1

SHA1
ef7868f99c7f7fa26c1497e79a9e17d352b0efc2

SHA256
eaa3bda7747cbd350cf354d44726d66217183a173f11f99cd56903f41e3b6b75

SHA512
a29d92a3407ea8c0af68a9ab27f9c13e3bb5bd67473cee9d8124689ee8cee3ec2315b8d4d0efbd209eb2796dc2b515ca642b0781f2d0308f4646c2b51dd37e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
532B

MD5
15cd2a9e17d4220f589c770d81333897

SHA1
77cbea251ef349cf7ee92f4cae554016a1374b8a

SHA256
608a00c841ad06e90a5f510d44d484e525267fa36ac2e7c416fcc49b43e56870

SHA512
435abc08a9bc9dd53d272cb110da1a436217fb48865f2d0d3ac1f0b069588856465e3b451035c285bedd8e5e5e6dd4bc46aa381737e46effa24429bb0927c152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe577f90.TMP

Filesize
364B

MD5
df2faecee18214b7b268fb609e120a29

SHA1
e7c82de287b0615b73e1f8b7c7effed01ab51346

SHA256
5fd8d35c703a90718382295010fc589199ef7c2e454fc0821d516f62d1adcd33

SHA512
61c7676d0c5edd5f37b51192a12c9846c1626ed98ef2d248d893fb52bc1cad94c8ce24cc2e5097f62e6e51879d50a45300cfae39fa86f4922e8c4b7fbf3719ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e65e293d8cf52b231c2e60d066e687b

SHA1
65af9fe8983d6c20936ae4332da2bdab7496111f

SHA256
02a48f038722a3aa8699abdfedef56d3f476235b27d7373468501cea88f32ad2

SHA512
5c32ab4946399dd1f801ebbf5763c04396798352e26ed65af2dfe66f67230d3e77837b87da1d0a19b44b1d75f9ff068dffddb586fd8085f74802795bd42f3058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3664b8034ad8f1ec2f0f8b48871a84e5

SHA1
d4e76efd3f794b632862b77118096226863dea4f

SHA256
a9c803c0b7612aff35eb2ef6a55f0bb657e1d7c4bbb9bfadfed25fd0b992fbaf

SHA512
22e787add53a43516573b6ce47c7a0882a8d5e470d0e2563526a6b2de73718ec611e9132a55f61be53e85ec71bd9ad005d772e375c36754d14e0faabf99d9f23

Download Submit