hxxp://duckduckgo[.]com

Analysis

max time kernel
135s
max time network
159s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
17/01/2025, 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://duckduckgo.com

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wermgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wermgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wermgr.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133815670322939369"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
1536	msedge.exe
1536	msedge.exe
4616	msedge.exe
4616	msedge.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5984	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4616	msedge.exe
4616	msedge.exe
4460	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe
5984	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 868	4460	chrome.exe	81
PID 4460 wrote to memory of 868	4460	chrome.exe	81
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3056	4460	chrome.exe	82
PID 4460 wrote to memory of 3648	4460	chrome.exe	83
PID 4460 wrote to memory of 3648	4460	chrome.exe	83
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84
PID 4460 wrote to memory of 2124	4460	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://duckduckgo.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff8807ccc40,0x7ff8807ccc4c,0x7ff8807ccc58
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,12802828628858540789,3408906463648263198,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,12802828628858540789,3408906463648263198,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,12802828628858540789,3408906463648263198,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2956,i,12802828628858540789,3408906463648263198,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3060,i,12802828628858540789,3408906463648263198,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,12802828628858540789,3408906463648263198,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4420,i,12802828628858540789,3408906463648263198,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4460,i,12802828628858540789,3408906463648263198,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4896,i,12802828628858540789,3408906463648263198,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4492,i,12802828628858540789,3408906463648263198,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5376,i,12802828628858540789,3408906463648263198,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5024

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ff87c1746f8,0x7ff87c174708,0x7ff87c174718
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7195007799110779422,12543648884097183663,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7195007799110779422,12543648884097183663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,7195007799110779422,12543648884097183663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7195007799110779422,12543648884097183663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7195007799110779422,12543648884097183663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7195007799110779422,12543648884097183663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7195007799110779422,12543648884097183663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:5788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5296

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5984
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\EdgeUpdate.dat
  2⤵
  PID:6048

C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\MicrosoftEdgeUpdate.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5160
- C:\Windows\SysWOW64\wermgr.exe
  "C:\Windows\system32\wermgr.exe" "-outproc" "0" "5160" "964" "868" "948" "0" "0" "0" "0" "0" "0" "0" "0"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Enumerates system info in registry
  PID:5188

C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\MicrosoftEdgeUpdate.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5384
- C:\Windows\SysWOW64\wermgr.exe
  "C:\Windows\system32\wermgr.exe" "-outproc" "0" "5384" "872" "776" "868" "0" "0" "0" "0" "0" "0" "0" "0"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Enumerates system info in registry
  PID:3696

C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\MicrosoftEdgeUpdate.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4268
- C:\Windows\SysWOW64\wermgr.exe
  "C:\Windows\system32\wermgr.exe" "-outproc" "0" "4268" "888" "776" "872" "0" "0" "0" "0" "0" "0" "0" "0"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Enumerates system info in registry
  PID:5796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
42KB

MD5
1d122f2bfc4bc7567762ff3c9aba95dc

SHA1
358f8749ff5497d7f40bf7990b48e051b1186db9

SHA256
c052447dbd9623d681dca2894bf5853533e6d5ee4dc6753291995b57d11c2947

SHA512
3dd65e9af638860f7274f4f5e30380188f5a87aec7763337930b26aee7c9f6d61529a28a88ac50b044595becc794ef5bccbb700e25446aa309d718c89b471f74

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
44KB

MD5
3decc2292611b38692817d3d95fea119

SHA1
47a2cc16f970eb90d54cb6634c84eb5e06b05fa6

SHA256
e1efab001e2fade0bdc088723bd52344a890f6a7a5b3a1f94e14a7dff03a13a0

SHA512
fdfc533e6cd6206f17467bee2e4492adfe59fd2909d068bddab95a6ec35f4cedb89765b7ef3756a77d016e5d7d242d85a964043441ee7ee2dad025b9120f674b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
28d432dab5f03146e7675ca241b1f620

SHA1
2c83af43b9bf04ac296ea3e7044798156af839e8

SHA256
69fdea8bffcf9cbfd399cce8ca4407c2236e5dffc6460e555e8258d07d6b9990

SHA512
8864a95df3dee4e5de98dfc11d5a5ece14af2327b7fb743ac4a41e9ddecac4be954189dba80b4c4ce6562c559413368fbab6b6a718703dbc5bb8e8214374409a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9f1e9061e7d78915d3093c580c911d02

SHA1
9d60b58baad142091edc3265732cf7caa68ed5a6

SHA256
7557d8d68962250676d7ea9aefb630f884cf6dbf3b602c038c049442f2cceb42

SHA512
04a828fc99c1725a262cdf305733c05fa061d9c7f8d952e70eae300046b7a4435a1a4b2bc3e18a61dd1f61417b5600b327f14477decbd9b18578f18f94da5a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
316a84ae7e673730b5d97323d4522386

SHA1
56aea1104d721ba3115e6d9a3f981ba4ad0b91a6

SHA256
95f0bee39e4f43278627903bbf0c997de8ec131aeef33c0489ba4d15945d2716

SHA512
0b8fe50f7358965a86c61fbd4638978d1ff2281d7278bf340a592a3d83efeb5b8b2c8c108371801830a51c81e277863fc8ca344993f3b8c960bc43cb031c4834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b8c88f40b857f4930dcaa273ed23fc1a

SHA1
f9a31d75f95726171a7798bf77f6d8e4a70cbc7f

SHA256
140e2b7c70039b89c9bfe3cb99e86b3b26766e04d33ae4a3b689958c43d3c625

SHA512
dd4c747b162772d4f43ca1480e905ad02db61dfd1a0d83fe6d6ea3500bc7abc6550eadd0edfad555713f38036a4d2922e70c9a1883ceda8460fe4224318373af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
667d05afce49c649a55c3b3127ac8154

SHA1
263f313d36e12a6b95f6b3214269f1b8812b1eac

SHA256
09d3a431d66a0c6f81b6abd756d327b79416a910a61591978d816679c56e8bc8

SHA512
bd228bca6858734610ffbbc02e140f08fa2b0c69771e9e86c9ad5ec2c43f70c8da9d9a0a8bff3d4c7abaa86a98f5476b1980917bf8ba67b3bf5800917dcf3883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d4dbb0b71762380cad3db7d03e4fd5b1

SHA1
36b9bb12689d34f2958def1b17d3e99e27ee9581

SHA256
70931509965a73d61f96b7dfa798bf7c26dceed0eeef8ad5d9d9868ff192dd15

SHA512
a80096f7e4e966696c08ab99021fa0ff091076f1bcb1a2170f3f7c30d72ede9b1d7cfec97070e210e1d7e1ee2459ee5d54fd39ca9fbf0f97e6c870d0101b8aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54937b4efbf533839404b1c2e3f71a30

SHA1
91123e6486486f2cc4a7ec0195081ce236cb255d

SHA256
f9a5d6c53d56809a706afe523e1e441ef91548b3d578c8d3df6da5682ed09aa2

SHA512
224921e266d5625a29440e52336000665262fd94a4321186dd094a463c01173c69689adb75dca0aabe979719d3dbdf48920b5d0f383e75c84f5d7ec3d2e1eb3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65fe7bb30b9b0703796e91a511a02203

SHA1
1ae037281805648f2bd9441ab61a903e2ae2d61a

SHA256
ca74c9d752c76ef1e775960e6ff40f82bdd58b01547a5a8e9a76e1b30302cfd3

SHA512
95a10decaaf35d63d555175402ae97fe59cd850b3d23e161c2635214011c6b799b29637b176ffafee3556cd080f65e5fe5549cff3927afa1ca7a14d9dac64b71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f50c767508b9654b24d4262dda26c7b6

SHA1
96cb85758e3f0c982f923e28f7e73bcfe436b6f8

SHA256
7ad281ec99ec34ca4ef34ff3ddd280192d114011ad1d432f7f28f47a4afea424

SHA512
fe7072c617596675a8dfae6c059b5d871398d2388a06c9aaa04549854e68522dd10479e40277dfdb494413e29e6f516dc7460d6de6c9fbc26746e98163d2cee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7662613f4525b7e235885a7fe763257f

SHA1
ad609157d1f6d70806d4162c64fd125af93e421c

SHA256
8b7daa83b20ebbed6190b4f8d76302eb88c916d3b79c55302a9e295d8b53f8aa

SHA512
a3782758d3a1e72e11d1e6c933709fc2260aa38a98a021eb79f563a6f9295e013e9380b6e7dcae1c9129ddee8ee84f3364f506c89a9852267d75fb9374aaad7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1248987d687c85a2e30a8f7b5eb236bd

SHA1
ef14b2b98038dca74cbcecee4519f692a3f1ea74

SHA256
2335a1c344d467b701e553dad812fb83478f786db5d6fa2c092420cfc9ff25c3

SHA512
17a486a093d367414d5e644dcc40ed71b35ca22470f145f3b0bfe4b65c02a81359a5ecfdcb18ec2eac873ed72e8adfff13aa729e71daa05d938c82411993f97a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc74c494a529b01867c63084d9747031

SHA1
3091df5c79e4a03b61cf96ce9fc07aca8426a1e3

SHA256
2591a51033f116b0f8f3ed0317fad8f6b5ab91b0c18317201ddb46b3c49cf73e

SHA512
004aef9221276ee38beeb3121455adf4033d50699f51fa2bb66549d158d3d05659f9f3ca6ce3883495f86289efbb1a51329869525c214225670d2a3a00f70352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c187b8597819d32c3edfef7ae1a8930a

SHA1
9d639d623f32b903e18eb454c4c8cbbd23ea8e07

SHA256
f8e3b639a57dc553283bca9a2a37dd0ea110ed7896cd54a1c7ef8107bbf4a179

SHA512
e5bc45f4d3a742c6a159e069f514c761b9014e6e9dd75c1667990ff07fb435e3dd2611de57d7f36038416b8ac8bc348d222eaf30ac9cb609c70a7ebf3a03e1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f036f27b301369b0a99d70836eb49f8

SHA1
44854d3ccb46f7aba803dca86105bf9147faec9a

SHA256
37d009d68f54ade81b7772502ed078f919ccc14adfcd54694d26f2076a0636e3

SHA512
bd177f9d1036308dfcc98728f0fc197d38b78f3484a60836e6e39e603d0a26185c5c072e2de6b01448777d869b1279c7c634f4e0af22ce8190bed656d3a2d2a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
96953fef7e93aa3a3a1641065a792ab2

SHA1
0f5373aad758dd473372991a2dc92fff3747796b

SHA256
774a5dee3e8c12dc650521e2dc8e46d0aa4eefa3769b2e0be1336a6449c45275

SHA512
adda0b0849f202afbdca062120f1bbb5d917a4801f09ab9569eefc93a6224e66c8ed37b10f836f71966b231fd05e9fb6fd7f65c970aef2c38093ab0d59f9c7cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
d54a5f95bee2d06854de565cc8becf10

SHA1
07671d17973a4b7736696b191e7782682593fb5e

SHA256
4e85c0f74324d46400893333119bbf0122e693bd11a6442b73bcfe3f24284b74

SHA512
a9a7056ad4afa03212b06567c20a3bc5617964be35201a84e1c3f87df6291e6f2b35cc9ad3ca57d7cb9ecf6543ec2d3ce14f99aba15f2170971f2a68478000a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5408de1548eb3231accfb9f086f2b9db

SHA1
f2d8c7e9f3e26cd49ee0a7a4fecd70b2bf2b7e8a

SHA256
3052d0885e0ef0d71562958b851db519cfed36fd8e667b57a65374ee1a13a670

SHA512
783254d067de3ac40df618665be7f76a6a8acb7e63b875bffc3c0c73b68d138c8a98c437e6267a1eb33f04be976a14b081a528598b1e517cdd9ad2293501acc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
254fc2a9d1a15f391d493bff79f66f08

SHA1
6165d5a9de512bb33a82d99d141a2562aa1aabfb

SHA256
2bf9282b87bdef746d298cff0734b9a82cd9c24656cb167b24a84c30fb6a1fd0

SHA512
484a1c99ee3c3d1ebf0af5ec9e73c9a2ca3cf8918f0ba2a4b543b75fa587ec6b432866b74bcd6b5cdd9372532c882da438d44653bd5bccdbc94ebc27852ff9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\00b598ce-d853-4ed8-b2cf-0f0d8975c0f7.tmp

Filesize
5KB

MD5
f1b7c50f2b73827ea135f776aa69fdc5

SHA1
0d52758fcfc4f0837ba81a1cbe6d9ab1df466b89

SHA256
2031a2552f0b729f3cac9603a6705c293d27f6826e19b481bc5fe0b162d70362

SHA512
badcb01dd6af0eecb8687ac262ba3686eb18fa60d33f0c12acce2d8b3c9ca8e150ea40a061ed676e0af14f664b16b47bbb201375a27001917726bd404990e828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
42f45fe60d4fc7b74fca481a35dfb6dc

SHA1
cc94dbd2fc84990d3ca849deedbe78d37331c735

SHA256
0ff81bfe8be0518d8f0d6ac60e1782d0c04745701c9ec549404fddf3e0604f8f

SHA512
c8855091db9b73ca924a8d3c8c84edba9bc5cc4766816872561d7f2b0d09874636247db6f82815f3d8dfd7a2202e8d664f7b8668925af166cb3e4b01163a2bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24c22fd6809d1ea888184efbe3bfe2e3

SHA1
f4e20c70d2cba4eab50454f2fff78abb331fc66a

SHA256
cb5c469e8c086c1b0dab94ae309a72d595f11514c9ce568261b4a015b730b4ef

SHA512
90f85117b9c704f6c251eb6c55150ee52c16c45555348b7b6f60212af7768c14c46413e14f5788e1a77ad1133eb1a1329bd46fd4ff96c57ebc6517be71aed5ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c7372f6f9d0923743d6d08f6c8bc97a0

SHA1
fd0a415ddcf1bd2654e13ced6c05ecca2bf1fd7b

SHA256
d83590f58933f76e77c19f2b22cb9a251df97acdac420fb0d58dbf3e4dd3690b

SHA512
eb02d57f466d111e4f4b362b8cce2f0768ba9b3ed4f727092d4ac4c96204d3470b91e1b46ae297fe2be83b0485cd25b76ab7c2e1b20ccc141899ba41aa27ea2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
48febe0b0625901956573dfb2378e7ed

SHA1
c324173a8f8fd7a6a7398f6bb24dd2ee11d3cf24

SHA256
f0fae7ad33efdd05845d0d631ce8341ea4b6dfd4c45be844f0c117738df9c0d0

SHA512
fc38a0c64e67e3b5d43f787fe86f700e6f753d8e90bcebc446d4a8c631b9e4362a74fa862a5b2ffc74f3f5236d3ecf006b341042b5469d1cc24f2c325a607a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4f370a6bd9254521c7cd99edfa392ab3

SHA1
7a011d426dcc12ef16e83f0dbf3a05ca132e93ed

SHA256
836793e4c7fea5eff92db63b9ffd0125385434d65106ef848140f851e8445fe4

SHA512
cdbfe90638eb891af637def3aa3af81b7a7a1b6b13456c54b54f14fa0a3ac2c0d0fc9fec1732eb87859a465d678f93216bf21da5c4e5656e36e7e145711138e1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit