hxxps://www[.]daniele[.]it/

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/08/2024, 12:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.daniele.it/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679411854909362"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
3436	msedge.exe
3436	msedge.exe
1992	identity_helper.exe
1992	identity_helper.exe
320	chrome.exe
320	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe
Token: SeShutdownPrivilege	320	chrome.exe
Token: SeCreatePagefilePrivilege	320	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe
320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 2452	3436	msedge.exe	84
PID 3436 wrote to memory of 2452	3436	msedge.exe	84
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 1232	3436	msedge.exe	85
PID 3436 wrote to memory of 4336	3436	msedge.exe	86
PID 3436 wrote to memory of 4336	3436	msedge.exe	86
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87
PID 3436 wrote to memory of 4732	3436	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.daniele.it/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe54e446f8,0x7ffe54e44708,0x7ffe54e44718
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,8312437600242075134,3403065203663822581,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe45e3cc40,0x7ffe45e3cc4c,0x7ffe45e3cc58
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3320,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4412,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5364,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5412,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5304,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3756,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4404,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4908,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4048,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4792,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3492,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4632,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4748,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5468,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3480,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5312,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5460,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3376,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3428,i,9898386053295989717,2208345741783045866,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:444

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1804

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2266d7dd-4ac5-4271-b413-9965434c65c9.tmp

Filesize
9KB

MD5
f76a8745b4e1f5ef665ced3a3706acd9

SHA1
e85bd1f0bde29d77a9f66b959845ad46ed9e8c21

SHA256
90ae9d4a5ad800f29fb69bc369d0facd6b7078574629c850eba7aabd25947e55

SHA512
7c8cfb6866edabb0b9e00e75d0c1aad1f0933d13cf4d1a828e3969252651a26c2c9b0bc2859faa181dcb0edeebb4b3b273e9394d2a99cc91e0bbc2cb39b57050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dda161e65217d0a92ab2e09e7fc2763c

SHA1
bcd86e8ebbcf5fcd263b6a5484fb91bbf0e66684

SHA256
e045f2f522e7aa1980d79a1a4b58f62b810a4dbc22e9630365d6cf30e85d4a7e

SHA512
ff4dcce1733a636d0885f08665f9e7ce0d38a5a8c2f7888e11dfedf5d427d1b4ef883c694a99eb330764763fdced5e224993b9009eb055ddac2fa16903f5e9ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d590059e393a7351db6116b794e8aa56

SHA1
d426482d47b5b974d535602f47ff03c4d8fbe0dc

SHA256
b4f280fb734326b5b67dd9435fcafda4f76314782316e1aed6cdacb4b9a1f9a2

SHA512
febf89c4b8364d77099e0dc8d456f0db1741abc19ef0a2a8071e13416e5d8e5d3870c330cbae59922735fc4c8f75791899b1f335a10eff36d1a40301650192c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
0e1cbf0ad45fcc548721a5fbd6d53224

SHA1
2ace4ed01a42c8d82310e52fe5be30f47f6f41b3

SHA256
a0194f59c3246a15057d3598266f10664795d05b92ec9740947adb4e0f35fe0a

SHA512
9fc51e681541e2c56373b253f9a2f7373e2c151a8713ccc0ccca5a8e1a9786d239aebf673625034b642ce8083ea3161bd6d9b9cacc54c63df2a48435b5f0a191

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
94dc963c3c676697b2023b7ff63d88bc

SHA1
90d61c3f9b2cf012d5a015c280f94cb1e523c48f

SHA256
b3bfae7c46c74a3af0feb584e36f24f3448c3c07b8503244e47fa8c56cf6790f

SHA512
6455eff8857ec93d300e0f25adb9481099047ee9b292699f3e1d05446cabb62291bcf738fd1b7f2e99fa6bd71ec991270cd8f920d69085804345108d6e26f07a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cfc998d25c2ee620a786227aea2b3409

SHA1
727b453704f4b848ee290766d3f0c4350ac42966

SHA256
5a5e8572815a76233ca28dab026d66173a30252829c6339c41e145d67edada53

SHA512
5b5750cf0aafedec05732cb42c40eee9d1a7442b183a97b678fd49a3ed7bd60c7a8b2ef15f2f5970dab3b91c20915bd7709aa3015d07778d026763ea551cf56e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6eb3f473aa355d392c4f186e29d5325d

SHA1
48171932f1f51713555bcb34619b90940a333b69

SHA256
0272f874303841cce156b21ba4e897340d3e81c76c2e43e2023331591f78a64c

SHA512
aa0501d5d59edc28a45ba9ab31507d082b0965e10af46d29e29b65aca88172c8007fc949229e7e30f178ea0278e07f5359c04376a0707858385f0b1d74f1e375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2486784bc62051584389b5964c33bad5

SHA1
b7222ddbd5f367ea1d4f727a2df1c21ec54799c6

SHA256
9189c447dc80dcfcf5e81f4632a8b86c23cc49ac51bc68c92b8c997e0308172f

SHA512
8cc04a2214e71afd9c4c65e558a596d908c67fbf9d8b82d2a65a5c8007205b9d5b77bfd894294b63e514c92f72873b542d8874720669db7dc7dc0ffc53e0a409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58aff48ab0f2a84c9b7755dd240ca3b3

SHA1
78e849b6858a04ccadb3b4da4a6c7ec38ea09dfc

SHA256
1bb1de42e159682c3e887e57184e1434c2f222ba8445f058be8f83233252fc40

SHA512
6c7ecd718704e713c1af9efcc04384ad79ca0b8d27d8a88d5b899515a2ce7a9d41ffaa0120517b296aac386e58e360c9a3d9a997fa0cfc7b3adc1cd0d395e8d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
067212f921a87d2f19aa7025100bcce1

SHA1
6c7841f93a8e4ba4bd378f5d8a3740dff9b5746a

SHA256
75d80d4f882f997acfc16708c8a7113c042239bd32184bccd93c0b195231e4b3

SHA512
7acd2c5e94774c6379c44f2fd063547851feed3ad9383e803b20586d43cb69c92119b75abdd4654ce5dfc149bce0edcb8750ed4a493bd9e8533d2a45a6fc6d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c8eb98c8ac4f527641053147145fd0d3

SHA1
030221a99e876d61e742d40a68c3cf629d425e46

SHA256
7f0d3121a53714ab1f9cd932e8f212fe7e28caa8a945ab019ea401ec992386b9

SHA512
37588301f7fe054a4e4047d5494147f0bf2be1130169ef5b3db2ccb5e1c34b4da5960a0ebe755298391776871e4a620acaeecae418cb11daf59d379ab903b839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca04c0238043e8b63366d44b07eb8c23

SHA1
2564f0cdf3991acc5a704d320dcf3294e0da96e2

SHA256
b2900702b90102b3789f0087f1e807a243d82af6b4ae6b6ab752549e303c6690

SHA512
de18bd41ad4f404bc7ef28c2a152c6acacda1b7c760fcaf898d4dfcde9ce1ceaca70fa560e12b5463dc18ed7cc31bdaaf604b735213a27dedd95853467071b24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e60e3359ad58e17b724e5c8ef9b61e49

SHA1
e7ce00551a211bd67515807af40ed975fdd41204

SHA256
a761784d09c1b8d926c0bd32157a6cb119c3beea84a4e9cb0652a4aab715643a

SHA512
0436b48a3c8ce46332fee728cd67cada18dbd56de00f1ff7b46595497e849d8e3d59d3fda04d372f0216b89d98a4d7b3f0740cbe75aef0daaa327162c43a955d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
1b78e22a3cec5e65082fe79441a1978a

SHA1
9682ed5808c91e7266c671d62b6a263f40868429

SHA256
da198b6e42ccbff1f3f31fe8753a22fa0a728ca9c5dae00997d47fc5c8722f56

SHA512
59893e785588c6b83457d771c940fdec26fef401c0ee251c3489ec6c536981b1097479ffd232c27c36e8f37b03da394428acfd160e85da8be66b09d846159890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
db65fa9e7a3e231250cb7c227ef3fdff

SHA1
1ab82661bd536dd4e7a368ab0f55211c626ff7b4

SHA256
5b137ee6cca290ffd4eee6980200fbbdaecc49b35ed612cad51bced808b04e3d

SHA512
e663736dcaf74a6520e3d50df471788a0480d1585b8a5669b5d1942b759fc55b40c0d5c2b79870e3c06af9632271e662e369c7f254ee95d2d0e32f8fd14ab5a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
356a82205d96d71f452e3b7fbd180ac9

SHA1
ee120b51ab51a1eb88fc5901deec9a72716b5373

SHA256
6507cd9aa2455e2976bf22072505cb6de452316092da81c908594c23fe3285dc

SHA512
5d157b92640034bde30ec671618b3761d134ad70f1bd278b76157a5c5faa441acaf6c62e2f6ce9a5f5932af067da1955f591774ebfdd07ea684f0bbf4f939920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
898e5ce5bd5b302208f2b542e028278d

SHA1
6c590099574c937e58a95665a159718a74d609f8

SHA256
533b34d6616e20e57a11041e915dc9868b898541619da0b3be589f3cd07b0c56

SHA512
3f5fc7a9d64c2c2071e3496dfadedc7e9b077d785bbaeab23755548e2431c52a258212d3665cb822d2420bc7dd7dc74c4df944e461004678c8ffa41e4f5f6829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db8e6ba17970df09527f4774dc54b6ba

SHA1
fdb1ede84f37a5559e03474c9336c3315e578e4a

SHA256
d6c887105eeb563e89435e98db87a471a235945acd60208f19694426ca7c5017

SHA512
4095865540c9b8255aa8f2be81e12d539ef807ca72040665d98b2370cd772ae485eb965a99c69e8f1fdc508e5959fb1333b31d20f4c71b2eea26400713bc4cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a421b7b126fd4661b6826e248f3bae6

SHA1
907017f02822fa41e531431564ef9b06ee2af9d9

SHA256
850b541f553c0fa233eb130f7e8f13121bc5aff07e91bbdb653818087c6fe5aa

SHA512
4c2c863cbd3cd646d14ba46f9f2fb7978914ab88ebe8e5d16c8e4e5b989668ded2836a1d85bef4b81e9560862e3fbfc8c1df60d8f5bab6f5b5b62fdcfeb65368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39fbeef36020dfd4764311446fa82386

SHA1
01d2bdf6b0d3c6ae8157b349e3aa651a66a2aeb9

SHA256
bb940446158e4f9d993aed19fd4c558aeb7ea37c89d5b31fcf06dc4b08c84df5

SHA512
f28fa2144c1b01ec4aaae1fd5967d985e5192ca56f72891fc7aa135fab1d3d35b50dcfbf8179fba15b7a1215d7818abcf7b21710c48a183297456f56c8696784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1117ef99d3038eed9f150daff3c05ce0

SHA1
5050425c16a1a756f16a4d59ecd11a36f264b87d

SHA256
743bf5531306b08196b8b9a9c8294a78a94f826fdc7bc07fb71b72a8683511d3

SHA512
68d61edb7c005bc568bd7ad42a52aeac0ea5de935ecf001074e64d82820748fd1daad014878ee4e1a49b3dad0d79b3a3c94d0fe8fc38c8aeeb9a7d550b9184c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
711decb9ddf52baf4a8b6e53e4f24c28

SHA1
fd956ec544c081f3078146363c0d8a28c0782a89

SHA256
8ca52956e177ca0777a0308d472acbfc40a105bbbfd7b2ab0d50475a224f32db

SHA512
5843dceb2451b07304b23622bd07f6c55b37579337b0e725ed748f2149d76eb45bcc250338c474c41fefc3ebad729de7298a9eb7d32332e75201ddd6f14d2f48

Download Submit