79081f01bbda2c09f347f0086a066260ee06ad6c52d77f24e4bf4dc7e669e37d

Analysis

max time kernel
203s
max time network
201s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
24-11-2024 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DjGj07.html
Size

2KB
MD5

c1f159ac11774ae594290c1a6ffa64d1
SHA1

5873ab986ec014b2399b6633498e0f9685cb7c88
SHA256

79081f01bbda2c09f347f0086a066260ee06ad6c52d77f24e4bf4dc7e669e37d
SHA512

ed9235ded2e23370ba456bde003a68a2f5c01dfe812a34b582d2c8855eafbd191766af656522c6d83885d0fa8e9063d8eecd3744f23796038e51982f9518e072

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\edb1f2e6-78df-4de1-8661-2b3923226011.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241124155813.pma	setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133769375527458351"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4280	msedge.exe
4280	msedge.exe
2364	identity_helper.exe
2364	identity_helper.exe
968	chrome.exe
968	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 992	4280	msedge.exe	80
PID 4280 wrote to memory of 992	4280	msedge.exe	80
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4748	4280	msedge.exe	81
PID 4280 wrote to memory of 4696	4280	msedge.exe	82
PID 4280 wrote to memory of 4696	4280	msedge.exe	82
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83
PID 4280 wrote to memory of 4756	4280	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\DjGj07.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa191d46f8,0x7ffa191d4708,0x7ffa191d4718
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1132
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x24c,0x250,0x254,0x14c,0x258,0x7ff61b715460,0x7ff61b715470,0x7ff61b715480
    3⤵
    PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,10371878215175095452,417568931954353053,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3740 /prefetch:8
  2⤵
  PID:544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffa18e8cc40,0x7ffa18e8cc4c,0x7ffa18e8cc58
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3704 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5132,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4656,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=504,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5184,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5696,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5416,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3372,i,7563082467325450616,16160753316062597353,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
33e217c4f311897ea310124d31dbb8ef

SHA1
115d55cd5d8998dbe8ebfa86b099c7bb8b51adb5

SHA256
b0368057f0c675beec618d93137c5baaa97d491bf068ed5b7f6a26ab423211d5

SHA512
449114f34ea9e2d03459076a06fa907925729e4f3e139f026184c0e1649665d226b44cb1ff7ccc73383ac22025430b704dd05c8729ffcd0b7442ee08d0582376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
1f013c990d530609f4d502596f4e9f4e

SHA1
cdc19911c77f2e155c6d63e405ac8a8d83c4be0a

SHA256
4302356eaf7e4276eb1ac2a14dccea91aea840f350bb5fc13ff293f8fb34c8cb

SHA512
989495c64fa2a5bf15905a9595befc9a35dcf45707bf06ced950cbcc3825c6425484aaf304aba55cd9ac6f6a9ed3ea6a7987bc0a04cc5fd871b2bd07417fb1c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
adaef7cae41fff6a43ad864a997da268

SHA1
7cc64bc01fac5eaeb8ae752ea0dcef4c8ada5858

SHA256
ab490d34eb5fd2e0411a98519d040d608811d569a8f63a0c08fd1d0ee182884f

SHA512
8d167a5e3b7e3c7bf78e7f82424acd61d29850a81fe721b8383c328dd41b0cd83cd1ea7b23c8a5264602d7a97226630a98c2833c5a4c07fa4321fcfa4a4e8d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
362888db4ed2fd4e50861b843a2b13a4

SHA1
67bd2bdac4057e7956fb09b1166e2701dc5851b8

SHA256
491fbabfdd961efbf2f68291d4547b0508f4e1f2af7d2237ecafdd2b577e1d4a

SHA512
e76591f70af43e4d4d3e7ae1c16d9c6469d677d3511305cdc55aaf6359956309d97c12b286715d8d2e92ee376e9e54da5f9c689942995929067e8a52bce445b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b36c14e723a76333617bf565b428852b

SHA1
5e77cb10d4207f96485edc6be1392ed375a4244a

SHA256
2831e8ed11022c22ecc089cb6c9c269c292ed787781922f8160751840aa4c844

SHA512
d437c409ae0b2d536183eefc20d3c6de41ebea6b844a196e174aa56b5a3c4797f23448ade107286b2df1d37a5eac04bf6aef1a235d5f5751eb670e1bff312599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6b25e9ceea5e4d7e757408017a7567aa

SHA1
8d2f300c1d26987b77ddc5e6252e5214611b2eec

SHA256
617d28e770813fd6e5370e0a0c8bdd1cd27261c1bf8cd88df482db4ebb1188eb

SHA512
fc0633dcbd0aa3b32061a3b2eeb69de0f7b88de43d47d3890ceadd88ab3cf25701aed8170f33e6cd03512e84085753bd947d135632d69d411f0238a4015aa4a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4491a17971512ef069a26ab68575a8af

SHA1
4660eb7ba4625b7cd3571e465beb64efeb880b95

SHA256
5c61676c1627927bfebc1288c569f86ae2cd1b54f90c7fffafc6113b6c6f2ea4

SHA512
ba8c280c39e26e79b5164a5eb4dde356081502b5cc039a2f6d81d1b8537d81c73317dc0d84c646f9f6f7dca8fa126544d1a062bb4c6c5d8d28a92bc5c974fa2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3edc5b18bd45e559189eea1b3513d347

SHA1
a8366ef9e567a48e69f20de4633e2c0f3c100063

SHA256
2db002f00bd1c176833dbd3b50d7590225b1ce3881637071155b4d6d2bf2ea0b

SHA512
6bb854621e89b60d6a7450546f72d1a71a9060c446f222854f533636fd58193d0d3a183f762497aeac08aa86d2ebabf1595dfb0209be4d6eb53feb8804f7bfb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
f299c406a9dbf903535432cae9ec8d91

SHA1
a2e85ff51d2f5fbf63d54504d3bc80c7b6c60b8d

SHA256
1540bdef3f4115ebfd6298b30d0b059df92bb3d9d853363bd0ca47e64006e8dc

SHA512
549ad9145087299dac791e8be61e4fa63de6f3c8b86121f5c5e205bf71503831a2749a084aaed39b590b1ec51c5150470a17a5ae37e731c8b8b7d4673517586a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
ff03480ebdd7ac9c1a72bfda8c0bc543

SHA1
3887598bb9c0ef0b5e5ff0bf4ca31d6fba1e4834

SHA256
e6c83469f8dc9edd38cde7b379a5ca93b008e049ccc31aaeb9d1bd5566b06ece

SHA512
5d54637188f63ba1a2d885192e4f0179c9cc43a7d528fd430a6eca88c2c8dc8ded72c97261aff25766559f3cda86691c552c63aa2de175ac00ab6d1c51242696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2aeb34d58c812b2f9b5114572ef6c848

SHA1
e1d5e3f23932216cd2607b5e5e582315667534da

SHA256
c01674c9dc10119247d4ed3432de275f7b15b5c502d10f3652247dbbdecaac86

SHA512
858cfe5940bdc84b120bd3ff46f5ac979c89ef3a2593f00c75e6a3aa46bed435a0ae76dc7f8001e8d0933140a5ce6513de51c8de08d7c006d9caa3b11d138be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c39f33503e3714fa3f640467652de355

SHA1
1ebc53e5b4fe2c3e5c7c1354b48b99102109ecab

SHA256
8c9beb4e68aa2c6206aa90375089138a535b7fc2f848d2e563c7e62af9148399

SHA512
ef2bfd9b21ec6635f10024797a1fbefcc1f045126a820581da5547444e252f8e33b79c4f617f4970d98c4ee196b1efa1705edffca936281a25b79bb272b20705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc8e9f7ebf61537e8c50e88c2a1b5a97

SHA1
89dadb9fc652f3e1c748554fa55092569f552501

SHA256
c3f2612225b68b7e8e221493446fb20c5d97cbd4be2da112f77f0dc315844a18

SHA512
d36d5ee47caa73b22c4f24dba6adc4e32c520dd956d09a09d5627ddbc8f727619dacd8f400648a15daffb3b4c9329f83bd3305fab98a46827321d25a2b4e0820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0198e8341a22abe5ebbf91d0af870a3b

SHA1
6657abee618dde4dcb0e28bd9d63a52a46edbab3

SHA256
20007b4cd863dbffcde2be9429865fd0bc6d34712c9e0dd6dc979259129b35d6

SHA512
d6b700fe6e9bf5aff53ba6b52a89b512e5ab6f5d6d876ba503d5c45dfee19b35dffdd46c151aebeba06b9b91dd94ad51f3fd143f87bf606055fae02273180e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
2c46681e0d0528c551679cfba587c7e5

SHA1
0700d25e3d709e7165a5143a2d8aed3ab78b55b1

SHA256
35a30f84b9aee2bf8d256f1756fcefc8fde5cbf7146be41ef1474380f563836c

SHA512
f5a7c3066561bebe33cfa0828c90ef0e0e07d63ae7cbfd3030d2ce11b7bbd2313481006bcf91aff75641c2574acda354238ab380383fe408506e7b492fd4b411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
fc63407bf85eb4278605615482b3fa80

SHA1
5be2e3fd39ee611872530b2f385330a045db8ce3

SHA256
24486e9e66cf38a3c66b3a8788012015d5241d97d28129c481678be460a7ccf7

SHA512
26217198a0e3ecbf914125d4e39c435edc65e8a33feae210b29f0970d00d85b8a56ebd3b31b98f40484416d2233dc3cbaf810a3a113ead9379598f7ae647e0cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27f50208c562ee64d6369b9b05e41221

SHA1
7bd4936b347a2ebc1933fde84939775afc1c1522

SHA256
09eb2e09e2f07c380e11e82f8409919cae8b590b2beeb37ab462e2fb00313d14

SHA512
3dc5d74dce7a4359e4d82830f2025335a02c1d82422d3ca203ec80b24aca061f1c9fea0f5626aece31eb1362395e8fa9d569ed01c9df0f0435d2ca92c6ea2597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
317b70f9f7083022afbc7ff4ae28e4a5

SHA1
c6e32e5bf7c031ead91a714e893b111a78a5d9db

SHA256
b8cc86341e9c2b151623626516bbe13a0d4cf36e89ebbd94449b06eedc5ddec5

SHA512
c3b5a8aaaa4e683f44d6f4d9a176f687033a9935cbd2d0be19d5647d74f5f874a3452b76b781a790bd848c82dd22e7f8941bd6af5e4c9304e7cec5051e6f72fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
7744af175ddfb9a07c79e9ab986401cc

SHA1
97db9c444d5a7d14d7f491f2140c91003ac0cc9b

SHA256
ba9b53d37b027383ab1daaa728d736fa96081daa4fc6988333da5593247fd944

SHA512
7aa6b059dde45c3943444bd1c57cba186f27772f52abfdf2a6a5749aed769199050849da31377cb7729880fc7f3effa0dfe66a31be9f2e133666f520bee0aca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
8a0d5e8b034b86ede39054d5add52ae7

SHA1
9120800c7b55be37314fd18def6311ff8b83829a

SHA256
a3f5967c51bd0804dc0d519112e73e54dfff3554d3feba4cef5c93f8ea1e456b

SHA512
4a2e8108f715df607e72b3af775718c8f760422e2892b2dfc522d147733471f63817b30e386f3988c20f0867549f6c165c7330a63d3eff69140e206f7a6d3017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
c4f7050bb6cbbd34fb71b3103d7fd9aa

SHA1
07e6c23aa19a4aa425109e669177f63475367134

SHA256
a71b33d8173542820864d181fe2def12329aa48f4fa4cccc69d038257c188913

SHA512
96acff949937fd1acc3e3d9f271475dd742c8a238f81ef0c818fa265a3cd7dbdf1d32e271b34b792b9ca4c471d2e6e22fadfeeb77209887b79b6eaf831d936ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5d9c9a841c4d3c390d06a3cc8d508ae6

SHA1
052145bf6c75ab8d907fc83b33ef0af2173a313f

SHA256
915ea0e3e872d2b2e7d0e0ca30f282675139c787fec8043a6e92b9ef68b4f67d

SHA512
8243684857e1c359872b8e795a0e5f2ee56b0c0c1e1c7e5d264c2c28476e9830981bb95244f44c3b2ed334c3e1228f3d6245cce2f3d1f34cdbce8e2af55b4c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e87625b4a77de67df5a963bf1f1b9f24

SHA1
727c79941debbd77b12d0a016164bae1dd3f127c

SHA256
07ecc7bd328990f44b189112a1a738861b0f4528097d4371e1ab0c46d8819f4e

SHA512
000d74220ba78628b727441c1b3f8813eec7fc97ff9aa6963eb2ab08d09525fa03935b32e86458c42e573b828a22b0b229af02b47eee511dc83de4ed3b5e726b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
318B

MD5
3abf893970c6a7d77bd453b4514c476c

SHA1
170c625aac12fd68a66e8ce2a33b681a1c0b4b18

SHA256
1084d6afc163ef37b39c182c68995009f6a11fb27a5f7d9a4a2b854338a9e84b

SHA512
cfa522265d43801699aeace5bc59a3933c13647dc955ac0c243955776a519cf58f3b76a3f1ce4bf2e597690cf86a8f5b69aafba3fdcb92bf5b3786ad8388561f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
872af7b186e0b5b2177b377acc71817b

SHA1
f4bc8e6896d9a2967f30946e200f1606b1e68ac3

SHA256
e943273928d294b971d0843eb31685201d4f363ebb46829181cfc4287a71022f

SHA512
d9ee0553f6f947787a2ad8f88a665501425e2eef52c9dd4c78c6c3bb9f31c4d0d214bf0a6c46523ea5b95be1eb3d35bfdce89fa4e168ffdb3ee682cf24a33f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5cd6dadd4a65ff30d9c1d48d20261128

SHA1
d74ea0f6ec7a203bbfd576c56973a0434356ba8f

SHA256
d47aff6816352275bc6a93541f35508bc9fa6906cfb700569cb325be59673717

SHA512
b38e5cebcbab0d00f7c12dc35312c375d8acd61d24598b0d9613d4793eaad0ca0074f7e865627ea4047f84b1de9ce622369a534405157b21552982ce25c87b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
facbd9f141c75065aad608ccf9d44651

SHA1
bb77c230f7a9356c5acb289bea941de10f354df4

SHA256
768e08e6154a6e205a53c10adc39c1201011832e9d0d136121aed8ab22deaf39

SHA512
7dd94d08a0bd1140ea90e2bf2f90befe3ac8673312545b63ab4139dd7b0297a9f1e66b4953bd7ad99f8130e136f9c7fc5c63012884946af7be91585086b19f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d5c2158bece019c1127625aabb007210

SHA1
4668ed23b01c51501590dd811b795e9534f47814

SHA256
d85f15f3047bac05b207de0ea57a94fabcdb5ec4121056ef8f026e29eb2816e9

SHA512
350add96f6d35ca63b3f594a071ad0eb38a2c10d748554ff4073baa0516338cc6d9ff1d5dbf8295d7e38b7d2352c4c4a3c561d837e8be30ea32fb3925babcc08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
137094a3453899bc0bc86df52edd9186

SHA1
66bc2c2b45b63826bb233156bab8ce31c593ba99

SHA256
72d823cac2d49660cdd20ebf4d3ac222c4dd15aae6e5ac4a64f993ef5c4fdd44

SHA512
f8f149c9eab06e8d7e1aa62145f0fc588dc36fc521ef4dceceb80a191b72d79586d920feb5f3b1d19595109cc6d608c143e32f521a4da1068c708a2538899ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
364592d2cc18adf665987584bf528cba

SHA1
d1225b2b8ee4038b0c42229833acc543deeab0f6

SHA256
bd97dd6797bb763681cfb1fc3cc21a44a273aab1d9a4f4f9332675c662d2136c

SHA512
0e852db825e451464cbcfda95eae2dfe780874bd20e7b467604962428007d1735ece752aa5901d468708a68d66d029271d5567b39c530d2d44b875abbff9aa40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
13d9ae4cf74949f765b2f59249ce0fb4

SHA1
fcdf89c0a6ffc961f44b6e24b7fb76cda652faa4

SHA256
b927fe488290bcb790118f67882735d1e94796d7081a20612001ceaf3eced36a

SHA512
4ebe7a9a773c8c2affe2182d091aff5b5dee5f53b4c44214e7536e4a386a3164c426c344741034824fdbc7739de2eb9a26ec2b96c7cc7e546d333b66c3e88be5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ec528fb20370a15383af4e9958b1b46e

SHA1
a6597c88832a2c37a756783ae9b330567022a61e

SHA256
1147d39861b8adea24b34fca686b34d09e9b8e59828e3d121aa7407317757417

SHA512
b3a2534b7edfd7a6cfa33367abb17834ef95c04a36cd457d8c75f27b1f39a84f49de220aad5943107cfa0d1434d8463cb80464e52f28dab8c5c3149affc3bd48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
21354bedee587aca6f11b0d5884f9c42

SHA1
914b025dec77410887438777ccf7bfd65ca0e326

SHA256
4c9e211118b8c9cb6e8a1f6d5ff251f40b6b0ceff0f16d2902cb3db25cf9981c

SHA512
41e6aeaf53efd61d8bf0ffa3f7ffed106b56c31c47653dbd38b756cc4308fa09062fa7acf5b21eadbe148e68027f8289b8811b6d1f90eaa2359767679d6176c6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
1e9f997f05f747595930b00c9749fb03

SHA1
f3ded35372bcbb80e57fd07a0e4a99a7f4b282e4

SHA256
ae6184bc0c82bf06a10ba2606a8bd21560ba5b131e54dc43b8b99eaeede80a3b

SHA512
426d8f126ec3f8bc9e12bf8f9c9072e879af45921514d9777f44a4918140c47e30b824a52efd29c21d91feab1eef9e9f53b039132e8198f1ec8623ce5ea430f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
dd2149321207498da3df66fee216314f

SHA1
45523bd78e2dc62c787d364d8b878dc91afa878a

SHA256
d5e1410ac522550cab0e118cb662f0c5b9e9bd595b77b778749a5b35023f3247

SHA512
99a5f9f1be3155128c844bf84e43b062ef46575eba64ca5e244c00bd2a4d5ee321ce2a1a4ee2834bd211983e505c65cd3dc6fbb06384f30771a8494da467834e

Download Submit