hxxp://google[.]com

Analysis

max time kernel
187s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 17:35

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "103"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677850007041709"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
3888	msedge.exe
3888	msedge.exe
3984	identity_helper.exe
3984	identity_helper.exe
2060	chrome.exe
2060	chrome.exe
6052	chrome.exe
6052	chrome.exe
6052	chrome.exe
6052	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4372	bootim.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3140	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 1472	3888	msedge.exe	84
PID 3888 wrote to memory of 1472	3888	msedge.exe	84
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 2968	3888	msedge.exe	85
PID 3888 wrote to memory of 4556	3888	msedge.exe	86
PID 3888 wrote to memory of 4556	3888	msedge.exe	86
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87
PID 3888 wrote to memory of 3700	3888	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff969e246f8,0x7ff969e24708,0x7ff969e24718
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,5663866706626468899,11056993510180403429,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2360 /prefetch:2
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,5663866706626468899,11056993510180403429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,5663866706626468899,11056993510180403429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5663866706626468899,11056993510180403429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5663866706626468899,11056993510180403429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5663866706626468899,11056993510180403429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,5663866706626468899,11056993510180403429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,5663866706626468899,11056993510180403429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff959efcc40,0x7ff959efcc4c,0x7ff959efcc58
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,6792910233902522307,13033507216465220351,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1996,i,6792910233902522307,13033507216465220351,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,6792910233902522307,13033507216465220351,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,6792910233902522307,13033507216465220351,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,6792910233902522307,13033507216465220351,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,6792910233902522307,13033507216465220351,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,6792910233902522307,13033507216465220351,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,6792910233902522307,13033507216465220351,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5100,i,6792910233902522307,13033507216465220351,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4776,i,6792910233902522307,13033507216465220351,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3368,i,6792910233902522307,13033507216465220351,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5220,i,6792910233902522307,13033507216465220351,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:6052

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5936

C:\Windows\System32\isoburn.exe
"C:\Windows\System32\isoburn.exe" "C:\Users\Admin\Downloads\debian-12.6.0-amd64-netinst.iso"
1⤵
PID:4508

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\debian-12.6.0-amd64-netinst\" -ad -an -ai#7zMap8071:116:7zEvent25710
1⤵
PID:1416

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38c8855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3140

C:\Windows\system32\bootim.exe
bootim.exe /startpage:1
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
414f836fedf1186b2b104e85a2d7cb02

SHA1
667e29383f0eccb0d77b13de31346572a7ffb0fb

SHA256
bd0c161bb3aec979532c875848aea7555e991e57a78f838d1e94292df053c70c

SHA512
f0168eed9418dd2ea39f8099ee1fcc9276437e87584bd6534128b33d9f43bc03e105a9a2a24f12d6cd30991804a3f144a907f404bab49e0a6315b7c0bc0f1083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b901328549a30fac84f8279d1b6e1459

SHA1
149031bd7d157b0d3f1d46a0a5ebf779cd38577c

SHA256
887cf7288a62ce18dc3cd0b9b7eb290d0a9fc7675ab00eae77f08dab39dd018e

SHA512
3650c0ad6504abaa52ea23e4fb507f5c5ab50264eae1b7bbd450e02c1211a3732c963d077da16ff3f2adf9245c50496092be1a58cfb6799f9a2fc5c201bd22ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
2dff7a80326ef9f628b2e8f25bc05ebd

SHA1
111c3648b566eb68b3fdccd96270e1366815eb30

SHA256
f96cfc944576cf9fa37617ab92efa8bb9861f65bc10536e7987fa6ce382af387

SHA512
13ee89ccd102599ad55be36059669836459af931af357a8b137654fcf84d39a0f310eb0bfea9ffa9a47d635f68858f5f881c37251f9f30508abb5469b5767978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
48f68bfa5f014de244d47f64143fb4fc

SHA1
ad12c7b96fcb109ee472dfcb89a495f3f0a771a7

SHA256
09d42cc62a401dc4167b34de2391717773aefebd0eacb70f458656baefd35c23

SHA512
8e42689f78ba24ec61934a2670f4c40ca2f168be78235358269194dbd3161a0df0b72213c149945d380a3d3a37aeaa154cc31870010f22aacd3a590683cd9617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46e620791d705ac7bc8f1d65d4b73fbe

SHA1
ef83a961d4eee46eb84eae63e6c77c2c225b3482

SHA256
8d8036e55c20f2cab60a9bd781df97cb58566c8bb0afcc4cbce2cafc856067ae

SHA512
9516322cf63741baf3d3931822e6e0c37db92dc795fdb73a6812e04dcebc8e7bca432b8fd6e727cd307dba174756ab37ac36b2c8873913564011c54f17040d02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5115bbb3d58d646ac04ba5ebf95fe4a8

SHA1
4dd14e2465193b04f9dfa5da7795fae4c8f0ab6c

SHA256
3e46f27eeb6b5f96a2ab5721cef2ae5280115152c3da1e18b48fc14f1b5dbc2e

SHA512
129677c58d9cabb7ce9f8d4da861aa888ea9026342cbc1d857919f2c5b14ddbc6119792a2e2d8d6d2642c0e7b57b5928f0de2505b83e9e115ea6182387172cc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2bc40fff83f85bc6edbc82f412359cd

SHA1
69b14aabb7366a21a9e1f5d0fb6e23feb8b3a7d0

SHA256
f43c9932bf31ed1c21a86602baac211d27b93103a65b584c63a2cc723d9d722e

SHA512
2305bf700d129b5b7451d82e3a994a2b3b4b8dd23750c36d1248e3cfd52f73259c95286461472cbecf2ba8fc70116f84f1a6592a1b24553b3a2bba44e799abcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7303da731d0c4d510575cd4df7f0d9e6

SHA1
37b233c00e062eb7b92feeb51b2036cc7d309a53

SHA256
be627e8bbc817f61ce6ca5b3c870a123d4c9f58e54f37427461d783140964f8f

SHA512
6a19358f45112eaea804aa241e0bf9df46a7d58d1668a49e7b018e4c69a573f144e0c20d902415400c4c43344b6517d821766897918bd1fc6de092d8faa56a7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7921497c8ff0d898f868fc5bd54c0288

SHA1
d9f6b48e90c00aa897f7c7954742e9ec91744d18

SHA256
6d3b363eaee67231c9bd9d1e41c0145fa4d684f5f71596bb4d6663a0f3498040

SHA512
af32af210df2d143618ec1133582531f8c2ed35f5c9367ee7967afc8445078358d80313e3b345ef5a8e76ebe75dd35abf583514c516b3fadc94f98bc36306ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e689e70f098aacf9fe6c77011ff4e936

SHA1
84fc73ec54096dca2ce9bfd2f53ae9e5ee03ff50

SHA256
fdf7d7ba6f5a8923ca41e712fe3d41961f51530c138b0dcf79ac61f70bcefdb1

SHA512
99c1dc87e85596df60876c59f82e6593924cdff58bfe2f45dc60a8f9feb4056fc7b7f5fd8faaba056adb31fc3865cc4f2f9aa41e74bdc558760d4f40534f4919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd9e25e2df19e6a8118ec8c304c58074

SHA1
14171b5040d3304f9b866e5d20cecd3747776778

SHA256
9dd45387f7b6b77f8598a74df595ae5e704dc4ba7a95fd95c357586f9cf2b0aa

SHA512
67d10001f3e8aa915a84dea62ce0716c88c09f1ca205c0e55d2b5c6ac156396e5c8f4c3db9a1be2f21335855692cc26b5f96cb46b84fbfc1d41e522e7591ba1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8adad1c22b8aeaed29c8ddec8b16e212

SHA1
0fc1179b9979ef3b925cf26023e2d8435708fc58

SHA256
b43ce0499f3c5599eebf9ce00b21bf11bec36b7f7a2639e2f60f647c3bbac2cf

SHA512
53e6d18485d8ce20eb1cb692966af5576aea0a9f7996a95cbe9e01a1df084dd9bcbed8a9000164ad6d2567305255440b5df8c6dbf9bff8d1822b5995cd3f8e56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
61499e199355cda12d2cca6015c36881

SHA1
6f1f661fd2bb95c3eb813248eff25353a0e08141

SHA256
f4a533b53b38c3581850cec323be3e8d76f6f654294cd8a0f8bfac76ad2c4fc1

SHA512
6c40bb62516a94cbe008aa1d26e3248f11071542f798c1c64f82b5c3d2a463eb0d499c38db318069a89fe73cac5b3ea9e8141aea168b0f5a77854ce5da24b524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f6da2935d2d0cc0bd1fa183b8a684055

SHA1
bd24c2e5c34f92ef851732628a65039babd20bde

SHA256
035f9a06f59fde6804f0f59a657f292b9d321acabd93b31b4f246dd65d489edc

SHA512
626c50affe614d97be6cd54650187d01def38cab5de2363dccce08bc0ad2c126496f307975e877ea8b69bf3a560886fc883e7eff45673b8b76e75b0086325c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
c5a8f2eb8530ae734a7cbb100153caa8

SHA1
0a9203d7fc9170a94912a99004c755cfd3ef4ff4

SHA256
abdabaf033b7b3a360fd7a09b461888d99c6975177d620cb6718f1eca0db390f

SHA512
6374b9145af7fe754aefcf73153a1821c0102249ea31818d8dad3dbe4e0d5859ac1da2f287f27030537fb4aa81c44a80cd95eccbb9a984cd861307fc98da5290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
3a7367898a19ffdd863056818f981abc

SHA1
cd08839f167a8680dd18ce6217420fb6e19bd152

SHA256
7ab2b25f3b187e5229294c5f3e120c8f533f6992f68c1673ed14ae2f6e82ebc5

SHA512
5eb2ff98499294aac434223c78650cbf053299b455dd199879574263baf6c0457ce3d477779e28454178736b9bfe562d2cc9deccdacc2e42405e0cd09c86c00f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
36a33b8ba70cd2ab1e91d327db60e543

SHA1
0515c6160269cfa6590172f0c87dd50568e029fb

SHA256
1043ee752a812b9a635ae2f528de3c66e42d6864ba042707fd8f02e9c4516028

SHA512
0ec54f5a3b6fa7e624d23b8047141bab4977437025d78bb39b290fd610eb9d6df369af20fc916033c9bf35461b67846d12a0d92cabaa168d252c6a4a5ae92cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\94b631e3-d185-4023-8111-83127d3e8859.tmp

Filesize
6KB

MD5
64895043fdcd80ebe3fa4598eb98d825

SHA1
d5e6c70cf4860fb4dfc2c0da917284ab0d2cecef

SHA256
c588ec0c9a58fec31e37e04b6bc0a47f5124acb50349f4c4626c82a3d1291a74

SHA512
55278100b3731aa60401d611935714e309c87c2a4059f1dba60aae11ab9c9286fadcb460552b8c83f188156cbbbd39331e5d321be6f9c0b0d49057e94bc474c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a660f716f5ed4ce3559f08b123ceb388

SHA1
5f431c1adb2da682bb465ee7d916575f067e7b12

SHA256
786ebdaf36f786422ec3764c32427b7db7103bd48c23167c2a0725a57f7bcc05

SHA512
db6c474e0d030d60ad59a37a766a589f891f4ca76a734c60bdf95c9fcb3574dcb60e156e63b7ffe60d1e790b3773579e56542cae17d0e4a0df504173bccb1bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
ddd6ee281a1c47468622d07d7872d7f8

SHA1
584c9a793fcb20d7c352d5be9d5e526beefc3f3b

SHA256
2b19afd20e5074e4bd6862d50c8b68bf1c245bab212b3a8ed68e99ea5a27b040

SHA512
b1190811f092c4acd98d46ff414dbfab30d550b9a19ce268bfde637969ceaa1fedc8aa60492bd3ec7acd3321c8c4f85d6dc0a6b2259cc6c21d5de2a41bac585d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a07effcb9526d52b03144a439d7e1dab

SHA1
594f33ec66547db60c39dc0acefdafd26ac46947

SHA256
8be1ca14878d318f49bb13e3a39c590710405f61a9538eb5ee58a1a7f3f4c58f

SHA512
51fdada77d74557cc4bec59e1f63ba6126d2f41744eec0eb82271709304616355cdf0624e889982361c55ba50ce41e658e7956766fa636520e4c7394fddd910d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
569347a075f0be81328d5d60654f87b2

SHA1
02a3837d6cf7b08c983b09b8c6afb029c5312cb3

SHA256
adb04193778a5bdf95868d5e2fee5807a3b0e449a1482db17ebe47ea6b1db97b

SHA512
5a6ffbac276c97b41dfcca850c8f86958d6c06863c8d66faab45acfa7403166aade7124528b3b292eb7e8cfa228ee87bc53ef67bd9ab84dd8218b955910ce900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
05c1ff193e6d86ccd9b425074b28322a

SHA1
0b0c5b319e0338b1dc030b6e146493d701449764

SHA256
fc912f18946f8fc721c0e0b74b8136a922f9511982675fa326b29a2c955d9276

SHA512
43329d20458e2c63c241f6389982a10584b64ca153131e750d36a66ff20655b5476cf3b5a71430a7eff96d4e5fc1fa3311c609e585a8a0edb76084b1efb2c96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb33b058be071db17f49f466f0b8cda2

SHA1
7698cef80d36fcbc926618a5a591c31c96bfc734

SHA256
f839c1684e279eebca4b8b07249836d6700d646caa1f704cb3a331965dd8599d

SHA512
a17ebea5a67dcb15131d90940435fd202b2006a2f32815eed13acb22c4fd3f84c1ebd0b88d2b06e446141f283513112aac08c4f0fd34b1975fb0e9d60c04b1d8

Download Submit
C:\Users\Admin\Downloads\debian-12.6.0-amd64-netinst\firmware\dep11\firmware-brcm80211.component

Filesize
17B

MD5
7e6f43f1dd1ec551f5eed63652f35ff0

SHA1
f9f316787b7e643a7a0a75106c04c0caf2f46138

SHA256
ebba8e70bd1e399795fa2e5bbcb26d799862100e59710c00a6f4f9cd2fca4b8d

SHA512
a00c6f453dbdef0f406dd432ecd67182600a6ec9dd15763ef4c6aced34695ac73f1345b113fb49b04fbc36abc8a198e735fd09475fc473cf06e6cc959ab027b8

Download Submit