hxxps://boczekek[.]ct8[.]pl

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2024 11:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://boczekek.ct8.pl

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
5020	msedge.exe
5020	msedge.exe
1680	msedge.exe
1680	msedge.exe
6020	identity_helper.exe
6020	identity_helper.exe
6032	chrome.exe
6032	chrome.exe
6032	chrome.exe
6032	chrome.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 3940	1084	chrome.exe	85
PID 1084 wrote to memory of 3940	1084	chrome.exe	85
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2400	1084	chrome.exe	86
PID 1084 wrote to memory of 2252	1084	chrome.exe	87
PID 1084 wrote to memory of 2252	1084	chrome.exe	87
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88
PID 1084 wrote to memory of 1856	1084	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://boczekek.ct8.pl
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff220ccc40,0x7fff220ccc4c,0x7fff220ccc58
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,7770653594431449897,4684436306709443049,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,7770653594431449897,4684436306709443049,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,7770653594431449897,4684436306709443049,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2404 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,7770653594431449897,4684436306709443049,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,7770653594431449897,4684436306709443049,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,7770653594431449897,4684436306709443049,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5084,i,7770653594431449897,4684436306709443049,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5124,i,7770653594431449897,4684436306709443049,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5372,i,7770653594431449897,4684436306709443049,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:6032

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff0fcb46f8,0x7fff0fcb4708,0x7fff0fcb4718
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,5471287213677625013,5607032259116066566,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
7309d681de5d2c461cce07d23e1771e7

SHA1
33627d1d4dcc658318ad7efe48f7094156927722

SHA256
e1005bb88c6a7cc1cf0f53b986d4cf8e365d88c6ef921ed56e630adaebe4435b

SHA512
fc84238fd660ed65e81c8707775df17032377543b66e2935ec2174994ff0fb76b3d140d2d56081c8e8bb8a1a4070f6a47c220b92eb7260ce80e54c59c5fb1493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
585f725791554c846cbf0dfd5d7f01bd

SHA1
274577d66586883aaeea6b3609c19a7381ae315a

SHA256
79c0fc48eadb86f9c38b5145a40a4e89d9ae7927d3d0f8402876aa2a96a833f1

SHA512
b40758c7b587c6edadc8a29ec2b50d8365147be463c4b44f9391f36ce46f7da54149d856d0fd0e31b8f897ec066edd127646fa1fbb60ccc416ef071731c8e931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
47195bc0b57a0213c47eff024e4440fa

SHA1
7e5e1bb853292f95081a1be8abba7e8fd3c96a72

SHA256
75936365889c26452d964e5103591a892e62f0b62be28fa4482cabac2d440c3c

SHA512
98cff5bb74d60928357b969ca790de99e8cb65563fbdd91b3fab8c69f3432c7b79e7f2afe1fd10cee5d755e5f3a9dde0c92bb1f8afca825a31f303db36762cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bca944a32f13fb662121f54f07541a38

SHA1
979804b0456e8b77216db48afe70ab820066ea6e

SHA256
054ba6015aba94008630db3a4674a7e837dd3042e1e9f79d5a904c85672622c1

SHA512
d03003515aa7c81d0f50c06ececfcb7de74bbbc7d7414930deca0af84642e9ef02ccc2eaad855fc51d0a381bf3e602fef89a70baae0fc05091b7e44b34cee723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
de17f6b5453c8e85848f2054ea01bd8e

SHA1
41aede333154ee87827b79ef5bb48a028f0b574f

SHA256
4e21fce7601993628ed459d68f46bbc2ace5714dd645c439acfa0d07bf84fc04

SHA512
4e7c1c7369f00d65522cc0ebde9df7a4ef2ceb8513af6aed7286552cd0cae0b2ff895f5fd79b74da0a33283a7eb3b94a1a633756de1957151cdf00907c8cbe49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c28c978f4ee3b923945d2dd12eaffc42

SHA1
0ddf859fab4dd350ec63e020c49654b822a14fd1

SHA256
f2ffa8ef955bee4e6de92d9331ec3220797cef194e55e4d48f542295f0e1a564

SHA512
2ee285b2737727ff29cd984b59a321ee94475c0395858cb28b471364ef522039df89fc2581397f540616d56f2d573d6967771fb25aaacd417c48ae2ddd073ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a73b048693e003beb41c720c334f642

SHA1
8b58227c1edd55c321f33237b9c5dafe8068de4b

SHA256
21a1e1f392115d448adb673abb2123d0a642b9f14fad7aa301c91056202c64cb

SHA512
4b525f0132ecb217595e3f11f344153b68116e63be63b1f05fdfb196e1b120ed9291e09eb4a386063a37b7215542baa469bab33b71adbd2855c8d3a3c30add4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7a8bf8dfffa31cc30243ee21eda4ca6

SHA1
910984a035d4e89de097864dc70fd1ae27414241

SHA256
d76262051dbdb434bb795caef11cccb59970556969c39a976f6918d127f0464f

SHA512
0325cad7e87f055c2bd6e155123ae65a6581f699edbfba99126f7b5ff3151535827dcf71fd956fb4015ff7b20e93070ddcc8f3e5906eb2cb79bbce764acb32ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b7887d1baef67fb5bad4477faebe246

SHA1
55e520f405cbfab217de5f1fe02f14cccaa4be32

SHA256
4ec781a4bc7a12f2512c9482650ee8077159dbd591e64aaeec851413b6a56ca8

SHA512
0f3deb13419bf31a90549e003f7207882a589555cefed290497c20255d3e882492b1779ee189bceabadc0fdf724e1abae07055a2bac7e094f7f27fb5a1703b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bde8226e3f98bc90fe59e56a8705d69

SHA1
9e6571feb8d6ce4a6fbcc9b00b72113a58c8dbda

SHA256
9f19d397809060ac0052af2b0041cbb71b292769ba35ed1dc76a015eedd77d5c

SHA512
7aed551621f9bfbf1bcc9a938045ef335d9b714cd3b3af423605fef7031fa0389d63aba59ee13b0018e08e11697a11655a6cd8ce003018626c26ee25369d9d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a75ec9d434a45460079d355a8e0622ad

SHA1
73bfab5aec9ee7ab65a0c18ab3fa8c2fdf696531

SHA256
2289465b409816efd5296029217fffaec87d9de70144a80db902fb275a70a335

SHA512
7470b70c21da96dd6456d1056c3db76436b181a6ebf75439c605019fbcb434db925be125572c2a938de65ed7f76e6e8a88d8e7d1eb80e67069f57c6c0abddb51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
317348011076b955ea266ecdd27ebe77

SHA1
fd132c78efa447ffa6a76933a71c942fd1d00c3f

SHA256
db864dac33d8af7c1535df72b8d8e239097fe3611b5293e11bd8e0b49fef9110

SHA512
b70ab492a1317503f9da84c4b457330cc2c3d642cda82d2e3199a7fec360fe6445ccd3889998919afec5ec87266f76fb6b83f7548aee448d1ae3db250c7ac790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b5340569406723925cebe80baa78a68

SHA1
bda76df7b6d7573aece0e4fcc05402d4f7c495b9

SHA256
72912b44e510b7180a17d2e861059d560d5de0adc32d5c5f11f545a6c09119ac

SHA512
8f1ea494272499cbbb4703794ee81dc0a0645ed9cd40750596c2c2a83932fcaae15d24df121686f185facb1bc2782c5dc6c47bdd49a810fe1e412c56f45f90b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ba20b1a606554b2f8b66522c4b81bf5

SHA1
35050e7bc2d8d68f6558797226f4cfe329874c4f

SHA256
010958a7504400e5055ef581fad2de831b2647d0bbad8cb48eb7fcd80522d70d

SHA512
6c60a4ba289675c70ca52e5d8d1df9f615d18cbc020195dcc780a241f4f798c384a7ab5b2888c489ac5ae36dd615fed92383fcea2c5e352681117c889ff65ada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19baac3fc9c933b2f48cb87283306c1a

SHA1
78ba85326ddb27613f2136f892a2fdf7ec65ab8e

SHA256
313f0d29f06323fc70fb8a23aba661141c1f0e163065842c0f95cab33a842012

SHA512
0045b443c8031af99d1fa15fa8cbbfb8bd9a44ed8d919e88928bbe0bfeec1477f70a36d9edd6ee068717c89c9e51f577822f0aa09f5261e87e6abc3f7571fd89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d34bb4d227700331006b20b14af726d1

SHA1
757f66710fb5e56661a5b358767a505f477a3a86

SHA256
a5051965af0ed2a4154734b74df3dc07fffbd2066596514b9203a8dad76ec32d

SHA512
8e584bfc452994c3e9d4d8d8393a84e274fe4601181967cdbad312e564c651a36433cd78a66ab36548082a44eb4263711a08471ba78fbc1cdd253f3e26175308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
786bd4d008f555dcd2712a4d1b229176

SHA1
575a34aaff7c867519b3b9232aa90442eea2e8b2

SHA256
a26bb621be424ff08e23b45879bc505b96b5ff3a8e13724d57e600d59aca432a

SHA512
4699240f78e2ad8aa122d62881bc0173cc08b12814f9fdbeb9c37dbc385e954f731d164bce9305675670476ebb881926a9c089b57411732328b972a2c5ed5e0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
bc2d4b90fcf1a8346de528a487268dbd

SHA1
9ac85cd07b5baa7d34da443347713cf0eb13f7ff

SHA256
9bba8e4f5fee3e5c778d0f1bc629066832376ad6b3db3b690a0b455e1e056584

SHA512
3a5d2149ffb4a73d883ad3b2d63a92605e0a6d57f32900e65011a9e8623488999e4c7e43e1d5c20a5175f41d8736ea3144d4fc72ea0e861d95fc961a4cc81fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
5c6e25e4806bc533a1033b269fa55d70

SHA1
3bc034365350389e0d0e90e7dc7db49c996eb97f

SHA256
7fe3c8a428d94f6600df73d445b8c945b5f0e535316c453794f99272493e807e

SHA512
ecc69f0edf1682fed59375deca940fb27c0a4d37fd5311b3444e0bde343a9c68a0ecf40d55f1700ec1017ce90892b628d70b08796439a9d2ee4ce35f55f9048a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d2f35c1868080ffe2d5638173345d130

SHA1
024a6fba0e05af87a58298a4ccd2e0e44489710e

SHA256
7cd1c0660effefa78aa3d281b1c83e38f627b839ee410abb6e3737ef2a4b9658

SHA512
c7240aebcb47b1539ab56a3a450873c722fa3bb03bccbbbc0afa3a4b4ac19c88255150c9ff956b4ca9fc56a9536f2c2053c878578edcd81da83afeb97c5adec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
897eec78851f5895c8979b1183f17bc6

SHA1
5f42881db1cc19bbc03834ed3131848e618e5dd1

SHA256
6265a0eabe1916ab135dd4ed56fa367346c1eb5ef95c5619b2b30a8647d84b9e

SHA512
1b90d0437c8794f2847d35097e863b8e5cd86c79db6d740ec4b7c2d7fe05539620f41024849f3b6f13b41e09dd91d8d92fc0b479551b96fa26a44d911d28ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b651dfe0d81fbc0a382fa6a8ed23db21

SHA1
018284f199a0a2f0e2e7cdd37d4bff3eb24943ec

SHA256
293028817baf14c251a7a302f05e3474649682f5695d0cf5ddc39477c909e3ca

SHA512
be12dbc166896cf9c0d63c512e3cd56f9645507aee946bd8da5ff3c63985c259a57c884b8db32b6cbf3692bad5ca69d34cb0a2a829e1366359283eb3954abc42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c72586469b57c8eafe37b5acf9ea18a

SHA1
977f6a51847dcf366c8fed1c8575380184e23ed4

SHA256
5313b69c928ab51feb60f522d346cd3209952f8c28acb3ddad9fecd90a12711f

SHA512
706d7d33473a3434d676ab612a2a8751349c8c7cdea599558ca2420c758f1bb66ecd4962a442c65d554ec452e74076592b1c2248d5102701867fe3516c3630b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f91f753c654ca33819a8bb4e2e4f0da

SHA1
ab3a2c92f7de162fad5033bbe7868e204d772fce

SHA256
18e22660d52d0e2da76b00e62b2fb195fce0b17c96405c990168f41d6bf76a2a

SHA512
7b4bea45d2cf3aab66e48900b41760d62e6ce35518477a45d0bf02d028ec34597eeedd369610224fabe612fc4e415ae9cd168423c02b8af82dbada341769ec78

Download Submit