hxxp://claimrobux[.]gifts

Analysis

max time kernel
2099s
max time network
2090s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20/08/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://claimrobux.gifts

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2800	msedge.exe
2800	msedge.exe
1560	identity_helper.exe
1560	identity_helper.exe
1256	msedge.exe
1256	msedge.exe
4612	chrome.exe
4612	chrome.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2784	2800	msedge.exe	78
PID 2800 wrote to memory of 2784	2800	msedge.exe	78
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 1448	2800	msedge.exe	79
PID 2800 wrote to memory of 2232	2800	msedge.exe	80
PID 2800 wrote to memory of 2232	2800	msedge.exe	80
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81
PID 2800 wrote to memory of 4212	2800	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://claimrobux.gifts
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1fd23cb8,0x7ffe1fd23cc8,0x7ffe1fd23cd8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,13816393563530477862,11223654622297284038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0c73cc40,0x7ffe0c73cc4c,0x7ffe0c73cc58
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,11705321398742895544,10554203122026196812,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,11705321398742895544,10554203122026196812,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,11705321398742895544,10554203122026196812,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,11705321398742895544,10554203122026196812,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,11705321398742895544,10554203122026196812,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3776,i,11705321398742895544,10554203122026196812,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:5252

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:?url=https%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Dnotepad%26filters%3Dufn%253a%2522Notepad%252b%252b%2522%2Bsid%253a%25220ad0f2fd-e465-95ec-15f9-a5c5a03fb776%2522%26asbe%3DAS%26form%3DWSBEDG%26qs%3DMB%26cvid%3D1afab9db9b3b4b528297020fdd245eb8%26pq%3Dnotepad%26cc%3DUS%26setlang%3Den-US%26nclid%3D18EA23DC78523056A875CFCD02E1A2F3%26ts%3D1724138536068%26nclidts%3D1724138536%26tsms%3D068%26wsso%3DModerate&timestamp=1724138536068&source=WindowsSearchBox&campaign=addedgeprot&medium=AutoSuggest
1⤵
PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1fd23cb8,0x7ffe1fd23cc8,0x7ffe1fd23cd8
  2⤵
  PID:5556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9da4005edf6e57db388a284e200becdc

SHA1
17e61f28358178240c0138e007298302e1aa14a6

SHA256
e2112710237a54af16f89b0a42ed99c8a7a6e54ad30f4d1c845ad1cca36b7fd6

SHA512
dd2354b288cf89289357dc67d63db473e1d90e6ce41e5f1d9ad1a821a6ae64e73a8932a4a86af0acdfb52d46363f34bc48e50172137ff312664c8c126c48aafe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
0dcb9bc870fe9a177e73abd7b66f54f9

SHA1
6538684574b5046fd8d12125a8a0b0744a208d5c

SHA256
1a14395b267fb4fe5306dd0f35459cbe4ded5c83f7367ea09e486ddca13b9639

SHA512
7297644abf7f42dcd0cdce908bac688d57ae0788c305f2ae18d600638163238c63bfa13a323d13d116b319dd470ab4e369d8015580c0a3b0ef296603e592e82f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
37a41131addc3327c544f7501b17028e

SHA1
2083588f7e8aacf2d08ae80c1cd8b68e6a925bd9

SHA256
10c093a64320b9e6e3665d68f9f08ae3bb63af8f1de10fe7cf25abb355e9426f

SHA512
54fda1250e1c8f7247e3ee01ea98f821905c404b74514ce97f5a69f67198f2083672acc3dfb42bfa8eedd81a688b95be372859414ae1833b9b3244beaca32705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
59e19d11fbfefce46753fac5e52b1fd3

SHA1
d3b0e0b8cd36574ec5e45ac99b152e1457ca2ef1

SHA256
56b5b953c12ee6c8c7efc6682387e99690205906c9c95ea78fcfd8dca4173a6e

SHA512
145ea01c9f63e8e3002611f4e79ed380bbbdee903b2f8cd2751223771651aab354c79bca57a8a2e195bbae0ee71ef02aac5be5980376af91c70d149f0e2c6d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9828ffacf3deee7f4c1300366ec22fab

SHA1
9aff54b57502b0fc2be1b0b4b3380256fb785602

SHA256
a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

SHA512
2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fdbe80e9fe20761b59e8f32398f4b14

SHA1
049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

SHA256
b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

SHA512
cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
43KB

MD5
e352d970a4f70796e375f56686933101

SHA1
20638161142277687374c446440c3239840362b4

SHA256
8a346ccc26d3ae6ded2665b27b443d6f17580650d3fdd44ef1bb6305bee37d52

SHA512
b2c95bc6a7bd4cc5ef1d7ea17d839219a1aa5eba6baeb5eab6a57ec0a7adbc341eb7c4d328bcc03476d73fd4d70f3a4bdec471a22f9eb3e42eb2cae94eeb1ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
788bd0abae8fa310f75ba4c583fe7ece

SHA1
101ea2c1b76b68be69844aabd8f8da3fe8676428

SHA256
50122fa48b15dd97715f4d3f3788d5eef80c87c6f32199c838788ac87701dc10

SHA512
d91ae49d60207670ded4444ce5725a8125d0678eff78aa03236eb5b871d8f179caf10b506b8d2e42f8ba53fe08275b721a2b7d57be5691e4965dd06ce9beed43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2d15d77485bb4a33c8b050d2e5531208

SHA1
5c8e18ce3140c113c560e2a8239dc36d220bdd03

SHA256
b83bc8e5f8b3d663c5629bb2c8290aead6e9ac3eca3081fbe974b5da7dde3f3c

SHA512
c72b139f63619b47897d54d191b8e90461ad966d8ee3589e92bb0bb9acc2bef71b21774c34b72f6a5190c2bec18fff38a7da490ad8d374df2b406cc36e8adef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4caf5dc08e3922fa543dc2bb7f8a08b8

SHA1
7085dd9daf1656cef7d1b574665fe11b51b3719f

SHA256
29881c75e346e4bea53a5f40d08d1bc13f48bc5ee4e978801352775a77d7f170

SHA512
20272beb23cb292fff640b42061fa97193a1dcdd6dbe9040589e9b4ce8684cc403698b04751edc73f36d9f41984bd3584eb70ca46304ccc80fd7b1224ed35e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6990ddc699d37d158f3ca1faf6664032

SHA1
892b97e425dd9d93146c3ce6ee2b776e638f6224

SHA256
629eb8872a62cfbc702d268870f1ca2373cb0163be7436fde7d30547525549e2

SHA512
7f5c691e9f6fc87bb453820df6f2e677071c8c911fc6929907d6468b444e550626d0d241a303de33a99639b1c1064a71475270de74692449888297bd1ea3bee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
57aa794c5189e46b7f105c948999faf0

SHA1
c7d01ecf4365d1f2e6800146b13c8b3ae814387d

SHA256
6042491b412f6cc24d3caef8b9623da906dce29536fa863920b6dd3572729781

SHA512
6802a55c6e5f7d592c4871380b68d86879094c6a5c57b48cbbef48b32fac0690a639641c6d6ff780042790d6d4288b1fc145385fea81b346ab3f32c62f76c21e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c6e5849dda6e091f2646528b71391c19

SHA1
cd43c6bca64a3e4fa657a7b62c18078ebe0ecf04

SHA256
51728d429e5e07a0b00f305e3b164114cbd456fdb5a37e9e9209d851099e6092

SHA512
db1bc6126bcb16c2596ccc556f85ab4ddf7faf4bbba6a8f0b048840b3a978cdc6162fd603dc491de81a67cf9009a8efc307eb894042c3f728458668fd7a89e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
43f0b42a1fefc0ed9a7a244e4a63a10e

SHA1
9bc7ae950d9cb4a040a54e99983938ca5dd4ad28

SHA256
a830e0df3ff5ac258039ecb00b557f10eb8a93cd8ecd38497fe874d88abae167

SHA512
b09a4a091e519b12da7da56cf042e1c3b16148ca4dace3ce1f37751e5010f1fb622625717d0333801e667b310888f7a688c8e75bea77a096aeefbca4bbd6d6e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e5121f662b72cd1faefd157dcb1521f4

SHA1
ca98bc748354bf44bd28c3b7ed64594559f0311c

SHA256
8083368da1cfd3a28d497246c174f9b828521f856f2ace69f097ece79f7152eb

SHA512
081a957d859570002f71b8344ce8883e2f34a9546f11e497d3a185cd0aca536a3e46302fd0ae4550153e1b306b4dc3bdc881cdbc5a7713434dcd978ad2736952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
44953c84a5bc2869b900409c621ab978

SHA1
e558240f4d1810489930916e762dc73e50a8d66d

SHA256
97b1cabbf37c40ca9290e51d35a01fafedfd96d7a27dac19190750aec04ec06e

SHA512
19a6d875cea301e9f900924490e0c339eee96f44d9d60ac534dd6aaabdce2c4ac2f4024f883aaf918f3f35ca2d6f6d95adb649b38a9072f7847e5aaf66b9579b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3348dd995b0d7f0a950b38866e070e7e

SHA1
0747d5b65dba5da6dd5271779d7c87d1ddcc9ad9

SHA256
c963d1616cf741fca044244381839ec57615409a828e0e1e2c63f687126fa3e0

SHA512
64cf746d64298254ba08f1d75b6126290054b35a1340bda05f5db86275576c8da36eaf89f5d0c8d7f1c481eab8d37693c739d143ca370475c544af3ae8f17fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2a4ed1f1aaeb813ec9a4a56dc03f4863

SHA1
3cbd3923507e633d44336763c0fb0ce53905044d

SHA256
670c43329973692f65410127e8e966d6ae109401d4e0b995a08397ee84b1bc3c

SHA512
6a1c46dab7fd793597e639f9f6ca1f4304397b1fd64bb3b94da21f4d8e4f4871bfac5b3d91ae79eda917dd586ebfb9c57d5f6be6466fcc46c59ed3a39cd9c194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92fa51d54536b0aaf0dc356707773839

SHA1
5b56d4cf227b04766ab5e1aede95c80d88bc57c5

SHA256
9be401b354470db6db2c49a7a1d43f9b45087a7c8050702ecb4be688e1276ebc

SHA512
baf9ef00ecacc4677e8a2e06c3e4b4f14454b629ceae373a8da110431cc6fc6b2dcfd68a583667e9a9682d79d14ed75cb8f38a712fd1b6af73b0bd9887c43bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73e5afe3a8658004bb89065caad84240

SHA1
20b6c7fe65df7f27a4e57870c2be53c73734a803

SHA256
a0e60469c5c506088590f2368510daf025b1224d32c42c0bf5c5976ea5d573cc

SHA512
0a00f5b1d25089f5199be2882837861fb56c2ec7dd502c883eaea9041ad8a3159cdb7510afbfd85a220b9e8cc92f93096df8c54266e2162fb12d7e52c5b62936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da2928db4fdf180ecadfe1911eb53701

SHA1
8d8918b6d80af5595012ff90f4edbd61e1b2f8e1

SHA256
ead138316f9532aa815c23226393757b967ab5d48b88bcfb5ac669efd29a2376

SHA512
605d10ad249068118939641c4597dfe7bccbedc7974a8c666fdce1cf48ba4748c7c0df16f8c7f91c60313b1edbf53c037bc91cd51e15cb9d1fd5d58b589f81dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
528bbea9db8faaf1af19edf46c95471e

SHA1
aa8178bf447033e7fb9697b7303d3b8deb56a6c3

SHA256
44de95ed52445a0e6affe347c3b7447b29a6d7969e036c69bf2afe88215914a6

SHA512
da5f15b4f24895efadad97e3dbc783e3a4fdb205e199fa1d409be736a968030856af9db62f240f22188538b9aace2b75065740bdf8e5cd5c3bd43630332501f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
206f84a2f0dbba1b97026013cf355637

SHA1
e651fb976e650fd8412235af5581cbb285608830

SHA256
0cea407850659ccfd1588fbfbf45e9d57fbe380f616e9bc8953d5aac63657c43

SHA512
8e1298fe248e7c575273b88df3dab6eac15aa4a29cff16e4e4ac11a50d0cc0cf82fdcaefa0bb3ea4e455197d46b8c45bdb5fd435de164c6e71b2a88f1bc3e6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592e3a.TMP

Filesize
371B

MD5
5b4c8acebf440c8b5e6596490768b1f2

SHA1
0e898d3835564db40703a7bad0b1105383dc8ecc

SHA256
6c5bbfdda3ea1505ef15fe7d50133552a78acc443e08da477d4e2e132a93c0f2

SHA512
7084b2768106c0d9e143c976cd9f5f7c4d8f80a6f8c8abe7951f8c27bf74abf7ea15bc2712f85376ce4d92070e1eac87a8970fce0527a98b221a947c796b7249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bf732a817ff219f2d18565dab2bb65b4

SHA1
8d1724bc70ff32ce92672d4a596d2d01ca517a13

SHA256
b48da44b3bd1e0c6d503def69fb9f35f91342d0750c2df5aacdb0e52f7170486

SHA512
0043110aa54cdc2f371ff8c2a3c8daae0abfaa06e12e7c373ccc81635b4bb93a69174ee1944fe4af6a8824e0ba4fbf903acea5d68e515ed944861fc6360b10e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f61ff28760b8439caeb0a80b8eabb5f0

SHA1
c397679edd4917b693018bdd8ea2fe70ac6032eb

SHA256
15d0702d1d151d4c7df0f61e906d6b329622447d3252ebe044613910385c6c08

SHA512
70909d1478a5046794912ab180dd7778482d00bb33bef569a44d473af7b308f98983049bd60d7377cd9d9a4509eb3f704b5289ce4af5c7196d239f795121d5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ef66b62b8660aa6fc2959bcd05b75005

SHA1
37400c8cb21ed185954c11e40a45c682959e6538

SHA256
c6c3a8ce46659d9c494a5026a7da0c02e25f14ca31dd6239b37f5042f1d47c5c

SHA512
e9d94eeb4c0bfbb0fadf437f36d0cb5e953dee24e7e6904f730ff5b69c524c1755ae14a496c6d8998576c90d9d86bc5f9ba1b50eebaff6c1f222b8bea3a46650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24cfad524f9483e678f3a03a3118c203

SHA1
f89da7e12d1c4babb671d49883cf82606d84ad4d

SHA256
3985a77f177ada270cedfb142b69e2d4ccfa90bc911fd0a700e9f1c1eb2d18c7

SHA512
541f32d2cda852cafc4c5c45b1a33563e051688730c92659330b14a502812c904446b3f3c4e21b57c7ae54026de273721cd08e4b2cd4abfdfc3e941b2eba5b2c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit