da93207c9a39e439b00abe75f452a1ac900adff9ebf980999a891b0a762e38f2

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2025 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

16KB
MD5

8d03c0039c63919d9d89336d59009857
SHA1

1a862d584c360ef557313846ae2e54e4f84f3537
SHA256

da93207c9a39e439b00abe75f452a1ac900adff9ebf980999a891b0a762e38f2
SHA512

37303faec2acbf39d14255fe3c24bf55c8deec8e6d27c5621d029da5318f6af4859e5544f2d65917c5c66798c91575f56420ffd9bc957abbdf77597a6604497d
SSDEEP

384:IiThOz9vq8oWx2GnD9DIf+gRV5GscxaOpKOj:IiThOhi8j4gRIf+w5lcxTIOj

Score

5^/10

google discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand GOOGLE. 9 IoCs

phishing google

flow	pid	Process
31	3592	msedge.exe
31	3592	msedge.exe
31	3592	msedge.exe
31	3592	msedge.exe
31	3592	msedge.exe
31	3592	msedge.exe
31	3592	msedge.exe
31	3592	msedge.exe
31	3592	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133830359404057827"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
4348	msedge.exe
4348	msedge.exe
1636	identity_helper.exe
1636	identity_helper.exe
3996	chrome.exe
3996	chrome.exe
5816	msedge.exe
5816	msedge.exe
5816	msedge.exe
5816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4348 wrote to memory of 3052	4348	msedge.exe	83
PID 4348 wrote to memory of 3052	4348	msedge.exe	83
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 4104	4348	msedge.exe	84
PID 4348 wrote to memory of 3592	4348	msedge.exe	85
PID 4348 wrote to memory of 3592	4348	msedge.exe	85
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86
PID 4348 wrote to memory of 3836	4348	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe6eb46f8,0x7ffbe6eb4708,0x7ffbe6eb4718
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand GOOGLE.
  - Suspicious behavior: EnumeratesProcesses
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9790216628887122403,18403125750406481647,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbd566cc40,0x7ffbd566cc4c,0x7ffbd566cc58
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2064,i,8079720421912916519,2199676076289901989,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,8079720421912916519,2199676076289901989,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,8079720421912916519,2199676076289901989,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,8079720421912916519,2199676076289901989,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3392,i,8079720421912916519,2199676076289901989,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3696,i,8079720421912916519,2199676076289901989,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4676,i,8079720421912916519,2199676076289901989,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4344,i,8079720421912916519,2199676076289901989,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4476 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,8079720421912916519,2199676076289901989,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:5472

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3448

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c6c6c37202457c79b0c90917da71256b

SHA1
047ee4b9c955f7ddc00d556d46697a2fc97fd819

SHA256
5738dfa621bb495e1f1ed0e37244a5d940533b2f1f2fc67967e985c1eeb7f0b9

SHA512
93784cedeb4e7a776cb3702c7a1fbaa4df6d13c58441bc5051e4844b851e005e1c24cc12c01df2ad708d0489fdfb791292f5325647dfcb11f2389d40eee645fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
47c939b77ef7a25a9cd8483c44832c9e

SHA1
9421e369070eac0108bfc19ed978abae757001e8

SHA256
032a68f6d48fcfc839169b306ef89318e801c27bc0e2a625d82c73e6f8517594

SHA512
f79e79665f5fc5eb543d317da03b943a6c505832c581d83d10d0a7d39631a7480772df22dc747a5a2d46ecabe4823c868fe0b224cfa1f1672b847d5002a3cdd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2e43d8fc5ff2250aea5eeb994391ebbb

SHA1
f7f4f25d70daa1cde1ae4b31f1c16696d65e335a

SHA256
ce237a6101561789dbe2441b353377a3b5c0500afe203f54eb1f4fd637f0f927

SHA512
df1d3a417c3deeaf83123ba43839704aaef2cf2fec9e701030aa110ce55b7bd83d9b5b03ace1cfee6e0d677ff44da258e57ba2b88675738984a3611563e0526e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1ac2995c5bbd61890ece9424b9133e19

SHA1
d013b80edb4f56c5811ba03af93095c81fc0c71f

SHA256
ede77bde1e9ffb3e40c852faa9cc0fc59a16318025ee431fe537d400e6378ca1

SHA512
8e2c1fd5c26ab3b6bd79f2ea8a6eed2fa6f0175102d067e6c0b636054a1c42951ebb90817f9812acf2051684fe8cd64f78a44144916f2251f468338c95edf86d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68fddaaeaa2f41eedccae4a3040d505c

SHA1
26a85d75a3d6e2e7bf9a4cd22a48f9aa0c071d3a

SHA256
82b6d202bd079baf4a716bb151f733c176b2a250f64c0827199d167824ec4b3b

SHA512
74ec96c4ce37448c603a67a529e159b7da874fe6d753408d0e6d3be5303884a6837b40f86e269496d2f1d27da9df6e211d51d7728e76058eeed57f56eb84ef20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d23d08a3e386acfe57afa7be40f87d0c

SHA1
2408df25c80b84d737699dba3614365fe5ee13cc

SHA256
81063fee58a6bca3c84c33853974360e190cb3a529e31bd0b07f0637c6ff51ce

SHA512
55f6174868a0ce604ac3c392d765e8f79183c3a147da07dad8924f5e406e1fa88057e99d2958bebe014cd19d5b86ea605cf8f8cc6f61458c0b490cdbda4fc85a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
243KB

MD5
2cfd1664aed47e756b93541d0111c89b

SHA1
56cda49e13514c07d1813b916824593f895e5486

SHA256
3d760cf5cebd38c88fed6cf3861b58a31210378ea20f0149b0870f6573d06310

SHA512
9d27b79ec3d116e2eec72011b1b07d927a5c43789332c90068c2fafc162e5f5f97f90beda55d115c8439d348706af929af585de22acb11e4cb50c077ea929383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
243KB

MD5
c80680e28cad4abeb980318119eb4456

SHA1
bdc27f4d88e34a8d2ae7f52f2bd35d8093e43c35

SHA256
62b671f9841d624bb144782108d49a67b31a308d26d4dfa07f7473d12ef687bb

SHA512
b6a4bbe66e45b70c83896a26895415bf0d0b803f4dccdaa72d6feb2d42d24e71fb1d380b941cfe6664505245d5f83861bf48bcdbaa5ef1031207eea6a0ce666f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62e6ffe7501e581c80b178323e921b81

SHA1
d0881a3d0aee1c256291d34a90e3092fffa60ce2

SHA256
a4f50a6b36e27013a694382c996a1d3059d38310a138f21aa25cc682be5cb0e5

SHA512
0c4e34fc9a7c5308b1cd05ea71d78c75a9fb85267d7f3e5616dbc1390794941eb549bcc70f7430046ca79cc0055edf0bd51b8eb43f84ee42163dd34d612ba137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65a84cd7925378cc74972cc4e677ecef

SHA1
30b4da4c5dbd0cc77d756d270ad260ef74987ccf

SHA256
7be0a4cebd74cb4d879e3f9950f5ac5a05acc3bdc415bbf9d3dd691cccee2cb5

SHA512
ef142224cc0b94a1c5585836988a0d544e7e8b5e8573a1893c9fac528a1ccbbab6c9c7acaad7cfec1a415544bbdcdfd1d0c5e0a0819cb94107fd81989df18704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
104KB

MD5
c1c26148cb5d957de6c075c3cd70fbf8

SHA1
d4d3c04bf4fc12f783075562c1705170dff9f1f8

SHA256
03527c7e2cbf3987b8a7aed9943ff4c81664539ab2638ed89470321083b3d34c

SHA512
746d23b2759d48af26d7bdfd0351edff3d0472e080050b6e91e71c5b6df043d8219243a67f7572f3ad988fe4a7c70978739d7a30e47ac8fe4333c6f7e05b5fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cd8b2b0830a1ef029ffcfbe37f42b1d3

SHA1
a411db71fa13396757e9e7b258706c3ad4eb757d

SHA256
3a2ce1eb730f53fc6d9e851ba414f2c865a141a8619a74bd075be9d3e39441e2

SHA512
fffea1122e12932dfe3bad260f2986d645e0e44a4408bbcc9f971c48449f77bc5cfe2bcafbcbac355ea8620b4bcaaa7b9b30d333baee7ca3b7d546761dbb0a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
78303b66599f5b5e69d235aab3917ae6

SHA1
41c40d0956eda643e0c7e9951ee2f7ecd4b33c87

SHA256
d427fe4400db6a813e440257641fe0a140b1a7a8c38fb62ceb4b7ddace1057dc

SHA512
da9a78bd0b4403bc67f99abf26b4f6f38a62f2591a97b6795dd8d87b82f416270258d79549d4730ea06ce5d2dca6cd28fb140adfe3eef8b2089a43a8d6830ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
768B

MD5
c86d45fb47668538b1acea45a6499935

SHA1
1309aaecc3248f3013c1287fc341907b030813a8

SHA256
4b70d44fa014260130f9ba7eb985e18e9b51dfb79965a00a7d6feaac8ce231ee

SHA512
8f0cb18093e0e00c33a420604d6944bf30b161f2eb416ef05c3cb4764171a389161e2d268ace60973fbb78d923f8968cb897319b42be6187c7bef5be9203bd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74a894570e62306c94ecfa1b636c1e89

SHA1
0a875a94123d9544a4a35b365dac02168a4a24d5

SHA256
2ca959a7a113a1645902650a226f37ee8c30d9fbfcfe912b8e56ada78be84915

SHA512
e3fe2658ec576ba98da93b7b3bf3b40ac10ffe44bd715fb2ba7fb502ce90eb7116ccbb443709be42b5e4f6b23b0310268e24b40d7751bb26774893600b2f66bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6150c350bab17e7702e7e3ce4610e25

SHA1
7fc740823ff47fa256cd92d6c6f499f133a6e11d

SHA256
647ccd0026df6b6b89e6069148d9afd32f496f7f6c644647f9627b08d833fcd4

SHA512
2fff4453a780f0184efa3a21aeb23925e3b6902bcfa6825a733b1bd9eb61d55bc3492b33b3fa5533c868043c64773414bae972ac456a6cc1b03690bfd1394956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4acd13f1f22ab04e1bdf0b19bd859f43

SHA1
dcf0c806843bc31f0d2809ce4036893de4781d9a

SHA256
aba8277ef79df7f9a28ac7e29d97026151b0d625106575b9fffb8704a37b665c

SHA512
41d74bb38bb91ec7fff40494d51976834414d4cd9a211deaa4b8b83f051f7d0b1db64dcfe80b0b9472c50c3da6cd4cebac195123f7a6309661f2ff6213eaf003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
da073aed33c442a9bb104d46964eaa1f

SHA1
f27a9a8d182b292434601bf9a24569abc3e57407

SHA256
b2a0875932dfdedf46b32cef05ed15baf033c7940006bef98bfe06eb9e507ff5

SHA512
f4e85b1d2fb614f9a0cfbfce7882213ed5a14285c8d6b620d95ab7c48eb7cee82627ee799479cfa940cec7659e0f5acedfd0a0a79b1ae98d95afc7c724da0766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ac60e2ce186ff454cd96dffa123b8f20

SHA1
6912525247da043ef65542c6fa22d7f6861018b5

SHA256
63abd1c77058482282d5d2d3409e9c2506c0663bd17dfb2e0df1e52b20c63180

SHA512
550db9c9255db09ffffb0ed52ace978274813506db1654ae8d6a8a4b6abf6f58fef08ce5a880892a9ce2eb2566b4a83b9f5062862f7d0d25c1894db004020107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
511b2b2c34bc6cd9eecc4ab3e11b25d7

SHA1
474a642d445422589a6bdcddd687dcdd6e91a54c

SHA256
d23969363b67d1d0901cdeb30a186765f5d9876494d9f037b503089a02a50c67

SHA512
ea9a678f15b01aaa991c8762453f6a59a8044ac9e1cbb2459c6d5264c2bb7e2cff63ac7544119d8abb057131607cd28f93d5b7e82b0333e686835f10f32883b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
93fd1360f094c6293f19295b50c8f0ea

SHA1
2a933d44962868a16cc316bd3cd6e4a2a0f7ae6b

SHA256
fa2fa9ae54f88e9a10340df919bf71fdc4375b2e1150f514ffa43cb282bd352f

SHA512
4a65150ae6e3157da012270bafe760e5348f4fe30cc28788595ed7b231adf4ff0aefea90aab10d9a832018232c22a19574d7c870014915695cfe49dadeb7c0d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cf80.TMP

Filesize
538B

MD5
ecc681274f921a8e37df03e3577b9375

SHA1
1118fa194754201a793fb53dfb4717168e844b32

SHA256
de25f5bdaada6ab646be000204f45101ecbb57bf6f26257a20f8b88113b687dd

SHA512
e0faa21e2e06b77c2e5d79a645a739a7349572638b34b80ee68bbebe08f716e8b65be0cbeb81f69984d55e9a26168ad301d76a30394749a45e008b017417c896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b728f0e5217f373ec35103d3fccf16b

SHA1
31045d330499fced9aa628f4aa010af0cb0967ee

SHA256
cf93bf872c64ef6971bdd5c6f3256a47f79fc631721a80950e66d4d1fc90bd73

SHA512
4a7c6c34bbfa04c633464a01e1da5900a094894f69d61323b9f185bef40b30c48b82b1e8afb7f2514bd8657320b3e3c6a0dd5a4aa83bedbe3ce2471f1d628547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72c1e97f6b8be6d14f13f22626667e4b

SHA1
0e8d22da0f0523c50bd2fb16bc2b9e1c9d6523bf

SHA256
34b0cd18043acbf1124aefc80271220bd4ade7a71b6d32ebea8bf07437c607fc

SHA512
1c6f7b8a43bf8e0e0e21473ebd270f9affbfd0079cc738ee2c9e995d6e8751c376959ff28b3c8141e70417df824000162e207c35abf42fedb4a49b11084481d0

Download Submit