a36fd2f8d5d427f4f2694f13b81c8ac040b6a537817e0e70df5c2efa295c802c

Analysis

max time kernel
94s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

932KB
MD5

ee062d96c8eee79c95f4e5ab303fca89
SHA1

4e1847d5b95ef608ba92d5fdafd15c060bfe5459
SHA256

a36fd2f8d5d427f4f2694f13b81c8ac040b6a537817e0e70df5c2efa295c802c
SHA512

d8fe6bf6ce1f9f09fd504d6e9c390a865339c1dbead6366984d35d391d980542966af6bd0033d0c562a914527cf96c54835e500b83967042d8ada69b14cd451d
SSDEEP

24576:tQfsulgTFzkW4WAovgKlod/5/5j5/5gDFHVA:tQfsulgTFzkW4kvgK0tJxuD3A

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677510049479555"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
3196	msedge.exe
3196	msedge.exe
2792	identity_helper.exe
2792	identity_helper.exe
1656	chrome.exe
1656	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 2908	3196	msedge.exe	84
PID 3196 wrote to memory of 2908	3196	msedge.exe	84
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 432	3196	msedge.exe	85
PID 3196 wrote to memory of 4484	3196	msedge.exe	86
PID 3196 wrote to memory of 4484	3196	msedge.exe	86
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87
PID 3196 wrote to memory of 2548	3196	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8078f46f8,0x7ff8078f4708,0x7ff8078f4718
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,511328020096259029,8788811925494719115,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,511328020096259029,8788811925494719115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,511328020096259029,8788811925494719115,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,511328020096259029,8788811925494719115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,511328020096259029,8788811925494719115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,511328020096259029,8788811925494719115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,511328020096259029,8788811925494719115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffff836cc40,0x7ffff836cc4c,0x7ffff836cc58
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=552,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1904,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2004 /prefetch:3
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4892,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3852,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4720,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3264,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3516,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5260,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5236,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5548,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5376,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3128,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3236,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3180,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3352,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5896,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5484,i,11330246025857280176,10622015503518498339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3608

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2484

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2ccc0f4219b31eb35b52e9942e2b8af5

SHA1
045c4065db35ff35cb14571df6cd50decd938d11

SHA256
4c2d1da8d5e29e7a6094f08a994314d10fd7ceed1c829e022d2ff27729359f28

SHA512
97dc3259e028d17d9d58f0d1f3dfc4eb7e6432cbc2d3b24af4f6aa4b8d84be47376b10070ede7dd66892b71279b5a6ad57a8efcda30da6cb5440dd81afac51bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9417508e1ef4f9886a7a585a38f7f37e

SHA1
55ee6990c31fa5bc8a23fc9c2e75ac429c69e94f

SHA256
9ebf2b130fd55a5b8c6ec53d977784020f23750a03257da4ed949e3f62f05ef9

SHA512
9b9cab72eeaed8885d0ad5123bce6907f75f00ae98f724515dd897f7f618a1fc3c651ff7e281686675179daec3a1633ef1f21d98e380fe464fe0069a0ae4dc33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
6dded0ff4f3beb85cf14d984e1209eba

SHA1
7af1b4c00cfbd100904c6a24aa11ec746e9fd1bf

SHA256
1eb5db6f2e2564bfa7e0a00592e0891ee564844f5822a2e0256b078f2729466c

SHA512
cad4e6583b8608a8b7d3f7b82f5a5f899f52256e6344a26a682683a7b673f9d136219843926a8f82c903ecb62f31a84000cf1ed55436e45720c1e3d5089d2c02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
bc01e5b5d68e13ce44dbe7ef1853a85d

SHA1
87a8c65939c7081a2577d33eedaec87951774eb0

SHA256
1a15141daba4618ef83893a30237b88af6b562ffb9ee03c131e656d6951a5733

SHA512
e34bad55c538a2a53541a04ddf47a7d1823c303b33363a8315cc0972d5668c1fb1f58ef85cd6777fdee5cd5833f18c8f6187cafdd16dc15f5400fbeae651a080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
2c2cc583e926db9d80438551c59f1acb

SHA1
fcebdd96f7e4c512a26f5522a500ce8617edb796

SHA256
5be005c9b3750ed164d8798f7f370f1f9fdabb7c7163a662347889b68e962841

SHA512
4e9dd4ebb639de79c994f666bb9e01fa6782375664611c004083bb2d2fe07059b4b25cc30e175fe45ab1e6be5ba1e8b3c7c2be9190181452de9e8e3b7c1d161d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6c4f0f2ff187ec1f9e11ecb8aa072556

SHA1
5c3bd0f75dae14969240352881f9d37aae0c9851

SHA256
441845fd887f27421717d307948533a62a5d28cb231f5ca88d6707bacb410d34

SHA512
24403428325dcacfe9d61af040aacae0f05f4fa02834a1a97c938b62f497c67ce9ca9bf559bbe27c585d69ec6b1f05dd43aed83c41ed5cb9df33561d99a540b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7e061f3f9ef1cef80de2ea127d39c566

SHA1
53164f0443cd21f24834566d66922172987e4c93

SHA256
b1b2689f5ea7a30fcba211875c5b308f928d0743ba0503918d5338802f5df504

SHA512
cbbb0ede2827faba14b3257b1414c943086bc715316f44c830997827d910a0c35d32a2adcafd53de9b8143717fcc466b0acc1f9bef7a965ca2445442b1aba485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2d6009b0113a9ad8e3bd42e42e91800f

SHA1
f07dccd7d5eb19aec7a11de533f57bd2fc9d43dc

SHA256
2bb2204df9d092266ef45365251648f41afe769e9eb9c4c686bdf87418cff7d8

SHA512
6ef78762bb687b3f39c3729f4c529216e37bacaeb20b33a96083f1fa8ee278526e131af53ed5110d6324a5894d1bca7245fc91ae51013f88a64a5b2c615098f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
390a659413d03b04807d431025c55465

SHA1
b6776b4162c32a881902b94acae0db2f93b46180

SHA256
e47db5489ad7cfd5480922e15ac41920c68400dd6b807a97061f7beedb2a5d24

SHA512
86e6dad4defd6b3185b179f7de51b0ad7853ddf7aeec8f0b4b1e3f943c6da9c6fd264760c121d54fbabf8fbc4db89a27164bdcef771daae99799084224e0dc0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
95e62f568daaed78d5b2305c9171e74c

SHA1
29cd9fed0e081ed95397b3a8ea7e1ded27ca3b29

SHA256
5015fba984192666543c27014cefde324ed89bc82b40b6ed70e8baf966b42620

SHA512
0991e5816e7c3a0974de571c36183dd1404ee2a830fbc26202cd4e55c27e3f0d271025e7d9093bb2fb35bc5f85cbed6cad7c39af8af55b334829f5b05b8e0753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
514e41aaa308dee71d148aabfa1217b7

SHA1
6b1cd4928167063aa6f41160606d5ef0851e0468

SHA256
bf0ede2006607ad90db2cb831403607aafb6a6b298fd424a295bd7e613526952

SHA512
700c8ce9a543235333e5ace5c062485181282ded0088fa2be4ba722b41696fb4993434a7a565a91f140640f647f55da904e8bbc5d2224f3d0ca2e454d4443a25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16c0d80589cc0c0feddf025dfd5c76a8

SHA1
e9935e6380a3efd7d723c3cc5998c3f7753f0d91

SHA256
acaa38117795e77780d52f07e1fd85661db24160aca75cbd9c91a8c2f0dcfecd

SHA512
91c99873fcadbd92726e32e40fe370cb574a549090ca7b0524495a4959cd1790497b15c1f24a4f4df4eb1d875ededa850af39dbc64eefaac6edd031d5ad45ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81c4f7c2234bc963deb29ed718907d9f

SHA1
1b949f1e0c3857a7743828d163cf0f5fff8892d4

SHA256
42705a8ad234e1974bf09679b0ed8e9e58e30ffa74111d740a9c83c51c135f14

SHA512
4a1b8a1b5477ff55f841e7c7eeb35b13a871ce5635775e58b90ccad5d3b55512553bde37d5386e3e37351c03e333986f9c9571808ebdccd3e0e87b0b67dd1d71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d19530f9d4fb9a3c0e64a276ce33b852

SHA1
3f6c2f9ef93e1fea6b64de34db1d24795f69071a

SHA256
847dfd71a4972272f532faa1481e4ee4ad9f6b94ef9a20176c684cefe6a2672b

SHA512
f86d714c3235c770582968ba9d1625c4e2622a9761eff947b77929e29c840cad0a52adaa1b56f422665a85d7f5af90358f00a3a9cdbcbdf3eb16896ef2ca0933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9d96abbe58bfe4d316afe2aa7612f066

SHA1
04f3a024c23e9c21e184194b1b0a10d0d330c0b6

SHA256
ca94ccb04ce3a830cb9f09e1d8818365603c6126a85408b6e5c74efef98127bc

SHA512
4f1b62e4ee183dce6cba774e788a8e0fb9807ba5957c4e07f37b30b8b15cca5164b25758a88bb6a58fc05fe0a69e654a5469dee5a7f23957a70dc6e0d4a37611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
1a46dd8cf99109f8e4eddb4e7f264046

SHA1
e9edc06f48a7215f82a618c5970d77f313bdba89

SHA256
2320be67d92e7841481dbb331d7fd92cf609c61ebad8e8f50a13ba065dabcd8d

SHA512
a0f4d78b4d041d7fda767b2a620d49c6a7537c93c075982e039f2ce0db12c22d5bcdac06923b0ca54323ae673126d9cc6faea70863434d1af93b114107d6b41a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
b3ba48969a460a93564ed0401e61e525

SHA1
6fb27bdc0e95d6d64e78d791081aad146e6c7238

SHA256
75af076e71cb4d70f2418a5a1d358259b9fe35ec15b885b58c70fb22159341b4

SHA512
ec6cbd063a9b0dcdaa2ceaab256f1f006acc4afccfff085cc94d1a8f1c4ee50fe3b4979c14b63097bb8e162a57009cce0fe31fab774ffd469386474f7fe6269b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
368a364a365e77dc72f36d0beab68d76

SHA1
7be750910616764e7fdb735b3848388b64760f27

SHA256
1e8466dbf94aaa603dfbd88295c71698eea5ddf30ac43c5961c48e8f4e7830d1

SHA512
e254dce8b4a40bcae0c70463bb8d2cad2660cc5ddc74f3694da3973b7b5cef57dd43006cf4948fc5c017f65d3bd1e8f3469ba8b51bca2c66527b827d89ec864c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
33e9f094320fa37b143b4bc92cbd923c

SHA1
ae03e9c3fb4fc16eec79018f2f467c9b55a65f9b

SHA256
8d80796155e03ed792a82ea502e22ca62083f37c6321e4d4b7c986d3d887e25b

SHA512
997be3e4ae7f4b5583b528f1d0c0087db6152c8ffdacac45cd9aa1e578a895ce3f0bbe5415f7b7c7808945ec80f0d1a495101bd1b63c735e0833f862331a1a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
67aff574ca23abad773af3ddfdbe76c2

SHA1
fe3962a35fd346bafd42b3021595f9480ae85743

SHA256
dd4beb1cf77de903f2b66972290eb1dfcbbc6eebe0468293a108ca4d27f6b67b

SHA512
5f1a0620ee4c044a24b0fedd6043240d9abdbe4fb726f5313b417bb864c715aafc3e2799f926772af02a01b8b75ea8f3e1f57fd9e9caac90023ebc43580955c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6549c6e58b7c75c2312ca20f8ff7222f

SHA1
d71f286535bc64f6c729f632369f77ae445e312c

SHA256
003ff2c6c16757b8a6872e787fc6fb0c60d92e7325dc5266eddc098bb6361878

SHA512
6086ad7d963705b22fd11de989915ab93a17786d973ccdb64b704d7662563dd7d440fedcc6aa9e897e4347a1c1673b8af1e5a52e842578b587cd3ae147ba4b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c85ad86e12ecad533e4623a224c00e0a

SHA1
5e23d4b134b00914b882c603bd7e3404b1fd6d48

SHA256
8e1d52f36e7010f59ce4841baedb225770391c35e544eadedde15a4339df463f

SHA512
4c8cc04a7452a6f7cf99ee90ac5b4dbd18385a3da1751fc3710543f2861536368be698b2ab29434bcd818ec4c9dc133daf3b7698e854d3de349c8f0aaab62400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32341a80088ee9708984b7434da2ebe4

SHA1
eeb33fedb6b1b57006cf993fb0ad7669d9fb5295

SHA256
035e7814be684a319e27d2989cb99d9db15a7c14ef67859874133fc855ee0d1f

SHA512
c1c61201d7cb1087dc14fcb0f414fd6993bf73c352d388f42fa11994d810d2dc2d7caf2ef54d307242a78f1139db7906029488209f77e0d9e747a8c9016dddf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
78c402af4ea7851ccef360e50edafc02

SHA1
1bc1a66a24e22ba8330a1cb3d160cff735161519

SHA256
2fa75cbb6b3e8bb4d1dbb551fca019820c664681e2ad056a3350a8c69c1bbeec

SHA512
79b066c8ba1fb8cd3787d3b9e51b313eca114095dcebd620c5d37bea757836dce3b2c35085b492a7e2e02f72bb78031cb52cdd0ff907e366ca3404f7d73f32ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
b5c3af4752705a95091c5177411ed448

SHA1
5982a0a982fcabd05d2d8e1fe9e4b104deb138c6

SHA256
8d181332aa385d774bc5a94b2e5c69429f06d03b1f1a974cfcec770e48e6b1cc

SHA512
69790696784c576a73d6c79671e102b7dc5100b6ea26775ba2020c1e68d58d310c9b8d0ee107f442d4d8773cdd1a4f8ffae76169598fa1f5ac94d771062b1b48

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
14da421c9f68deaa3f980aec175edd54

SHA1
eeabcda2fcb0b2b57460553ddd90e86a5a456178

SHA256
19bcc2d67ac65417b177072cee5a1805e6a1945ccb4f764723f08961133e13cd

SHA512
4edc285bef68c9200b284303e00032f007b810d3b235a2efd5c6a4fcb29c42bc350fb6fc07442186478da0d6555b9f765da429ce64a27bf1030f896d93faf9f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
feb004f775d561a0bdd9bcfe25f37fbc

SHA1
e78401e6e15a3f96d0ace7477db03deaa6d70a9e

SHA256
8d13135cf29021a02502874273b9db14eec46e25eab5693366753048a62d62c5

SHA512
66135f3fea284c61654a2ca97e33f38e0105e7a8e415915401670e0bf8a4e98182cbe2daa0e3da3bd5dd7dfecd81485837aea13bb31dbc883e286377c8772a36

Download Submit