ac389618d50d9453678ab3803d7e77a7f7c12e047624731bd1dec09137096ba9

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2023, 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

319KB
MD5

2b94cea59c44d04195169b3e2bdfd97b
SHA1

aae38985347ca2e1244bbd79b38f9acb5b3a0288
SHA256

ac389618d50d9453678ab3803d7e77a7f7c12e047624731bd1dec09137096ba9
SHA512

e563bf4e71b9709fe5e14e9e9c8e9456f0cbef421389e446e2adda0a506a11f4f635bd4bb265fafb84b90c7ba50381c2b40e994c1b88f84ac529e9a08c7269e5
SSDEEP

3072:giLgAkHnjPFQ6KSEq4oNF5MeCHF4aW+LN7DxRLlzglKhKw9i:bgAkHnjPFQBSEqv9Cl4CN7jBhKw9i

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1656	3988	WerFault.exe	111

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 9731bf4db045d901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c5d2bc9dd664f743a8e8436d1fe3c25a00000000020000000000106600000001000020000000bba5d368f20319a5a3870e32b777c3f3cca8f308ca3171bc6dd3a92f46fc3a00000000000e800000000200002000000028e0d9e9a2db7c0b6b21d81d968ad5d9af694e0ddb1f2e1094867d317a82422220000000c42fb862634cac9ea0c2a1bd2d3f2f14c51ce0ddfae2a90124e1e67042599c2240000000453ea28a7db4fef0816e7a1c6e647bcc60b06afe538baa069a3539304168a33f236d6e1f3a958f422b684a7c7822e1292297ca1ef1aab3643e772db2f8a58fdf	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50b44d169d9cd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31038621"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 203ab6169d9cd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c5d2bc9dd664f743a8e8436d1fe3c25a000000000200000000001066000000010000200000009455757f7b0da73bc60fc329bbd4196f24dff9b2ae87713d83ee3a5779bd4ece000000000e8000000002000020000000afb44e2aa4013bcb44cbd5348391e5aec9e260f6a431862b42efae49a013db7a20000000937df6760020c95f984a569919d4a047e9ac85d9df790cd8df8c1f5758c2440f4000000090119f04c91f3f819fc81381a146437760aa7e3775b22304efe8e7b82789cdc7822b94d222e2b02bc96e06526bb82feacae46927387df7679a9dd1ac29458c7c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "393277563"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31038621"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "44320064"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2DAF4999-0890-11EE-BDA1-4E963766237A} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31038621"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "44239972"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "98951514"	IEXPLORE.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133309862622386895"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3856	chrome.exe
3856	chrome.exe
5424	msedge.exe
5424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe
Token: SeShutdownPrivilege	3856	chrome.exe
Token: SeCreatePagefilePrivilege	3856	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
1664	iexplore.exe
1664	iexplore.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
5008	msedge.exe
3856	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
1664	iexplore.exe
1664	iexplore.exe
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2184	1664	iexplore.exe	83
PID 1664 wrote to memory of 2184	1664	iexplore.exe	83
PID 1664 wrote to memory of 2184	1664	iexplore.exe	83
PID 3856 wrote to memory of 3752	3856	chrome.exe	98
PID 3856 wrote to memory of 3752	3856	chrome.exe	98
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3600	3856	chrome.exe	99
PID 3856 wrote to memory of 3444	3856	chrome.exe	100
PID 3856 wrote to memory of 3444	3856	chrome.exe	100
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101
PID 3856 wrote to memory of 5116	3856	chrome.exe	101

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0x120,0x124,0xfc,0x128,0x7ffa5cea9758,0x7ffa5cea9768,0x7ffa5cea9778
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:2
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3352 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4808 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2412 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3848 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5328 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:8
  2⤵
  PID:100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 --field-trial-handle=1856,i,10995913997394794146,487836133855231503,131072 /prefetch:8
  2⤵
  PID:5060

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultee8d090bh4f2ch4405haca8h5bd3be37e494
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa5fc346f8,0x7ffa5fc34708,0x7ffa5fc34718
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,2800518692884680198,11792354848887701951,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,2800518692884680198,11792354848887701951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,2800518692884680198,11792354848887701951,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:5464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5648

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 3988 -ip 3988
1⤵
PID:6132

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3988 -s 3544
1⤵
- Program crash
PID:1656

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x49c
1⤵
PID:5956

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
64e5e05ec2f7fa79d905cc81556a5616

SHA1
cf5b48481b3925891f74eba49d81dd5736f0eead

SHA256
218622816017a4cb2f1e254b0ce9e5d1d57124e5b98618776dce8efc1940c4c3

SHA512
3e2be982f5f4700956e1a7b23862ed0f882b7286057088cb079d4502176865e8de084dd11b47e5b0e06474101755137ffe5d36d94c34c3d1168fb140036fb951

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
63a98ac73c507735545199701e1d0443

SHA1
6748681657a2794ba852fca0483229ff353b2dad

SHA256
ff07c8dbf8bed6cace8aea69832c7b4cb95a94c96f05172838fb8efaa71dbafe

SHA512
cae0c1ce9cd6182200ac85bf9a713bcb3945055f31064368b60eb7d34596b4c1a05086ba246d8ec3ae95fd0ba50c63a4e3fe52cfb9d62ff52898dc19c8566d02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_A28FA56399615418D8F95847EC7FE4D9

Filesize
471B

MD5
644eb30af7a3fc71efebbcf990a6c4df

SHA1
f7b97e166276f437220cb755473c5217d9d2a919

SHA256
2489b1c3f52b0faf50b6f884cec8d8d23f57d05f2a2e15136d8659546c9f8d60

SHA512
fdeb496f168bace0c4060f0668b2f24cc83e2833e03b6a3ba737335fdea5d2b65d2fa6922c3dad61793f04cca26efb3f3a3772f6ab033969b69da56df63dac3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_45D75838C7F63858DD83743CBBA8AB0A

Filesize
471B

MD5
f111f456066f8fdabe9add3ddcd0a46a

SHA1
20b5f132b785fd5b97a8bbaf202a9c881d685c76

SHA256
85488b7c4c96f48fe7458da87368c734cbb204efbfe13b42d743b11fdfa5c42a

SHA512
f41f5a5a06750224c11fe6e3091aab3bfc506a0f14844fc67a2c076ac36f215b9808e0778b85b5fc025e71937b9546acb4554a9115dc5d582724948a7dbd12cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f163f6209a91191ed8cf3fe070bae57b

SHA1
59585afb35fe6560810e28e80d0c10789c0935e1

SHA256
485cc42491ec1068fa7eea68033d6b72bfb662166e5f6cba09e6061781d89c78

SHA512
c167ba68c012ecb0754ba7d130acccfdeb28529ad54444aea9d14be0046a73c142b74b647def9ce1815d235af1cf329069f2f7b68820de51d0928f4311978eac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
bc8db5864e0491645e295947c6695bf4

SHA1
0229a7be69c51735b55989227500d648bb8fe08e

SHA256
d884e067686980f1eca810ee003924bba604be61a58a9f6a02d36fb4b02225ff

SHA512
d1a1baac0ee5e98762bb396ab24fe22c3198263ab676a2c9d651363afcd8fbd1c59d8513c3c5e9a2400b9b6eb776105c176eab37bfddd19287a5f6a65ef51cc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
0fa2b2b5f30fd76cade2a942479f5f20

SHA1
8be22d4093d2c2420ab977c15ca020f3b70c61a7

SHA256
da839b19fb24716d258a99a48548e567bfe09346f569a67199f52f8450bf8bb4

SHA512
346ed0667be9948b1eb304716d97f1f3ee69183712a0e717ca331bd41ecc7a905391c39f6fcfe76f48f06c871fb001b7fbeac47801ac8814d988aef0cc290381

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_A28FA56399615418D8F95847EC7FE4D9

Filesize
410B

MD5
ca8c42fec5144ae063b36d248fe7a59b

SHA1
5ecd17e8ddad0e603a0ad096ed78cc6a599e4711

SHA256
2b14efa09416ab9d4b47a3b67990e1edfa6408dbc792f60adfe55f6e9c49e9b6

SHA512
24c514e75a5c3cbaa556abcc3ed6622ef948da8543c683230927abde8153f2844726f86a9cd045e634a5922bc2a92b8ea3d205f0259db5fc9861de504d4b9eca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_45D75838C7F63858DD83743CBBA8AB0A

Filesize
414B

MD5
46fe239eaf44cdcad66a8e5db3b64625

SHA1
ac4a819854f16a7738b25358d062b5d34f960f5d

SHA256
02ca53bd20438c39fc8addb0c923760b1e9c30b15400a901c3e1143dce585b19

SHA512
1f2573d7523eccb1e15df6af8a929eaad7b570bc6a7e3c163a524e230cbbd2ed6a52d151a0d539efb25eb4975bdd0fe4e3f56ab697c99468a58d7e49327a4279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
36ff0892b173a89fbd9f15c7e1812c14

SHA1
110a15881c06ceadad76be17a1ddfcc3514a0491

SHA256
62c424cb137e2718318c2e68539bf841ef34db5c2c31ddb0246049b7e98d5db4

SHA512
cc345882e1cacd23febf447387e1e1ad2845cc9c445660c11e40a3d553b45091e83d79680c12f578496a3b24e9fed2e1485568634c715bc7bc0531a66887ec2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
597596807cc49861f1353d76c63c1065

SHA1
e262adea556d25591e01f751e00c39bb126cca5e

SHA256
a50d5728c551322a79bded0a510f0dce70b9f85614e068194e09d8d42fa14a15

SHA512
8b56c4b87f0c07714e2e3c2c52b42fa3e8566d645fb3fc364ea5e653e074aa65cb0c7ad4d889be46eccab396d0e4ba93487059b2d5eec77f9ac6e88f282c4ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
fbe1c22ee4cc786fc5099967404d3930

SHA1
f442256addd8efa8201863fc24c20bda7fd878df

SHA256
c55cd2be16e832a0006f866a62ab2db8624d9c5b25f2f295df90a474fb220afd

SHA512
c8311aa3f343363b332ff0300951d5f0a316af92d6f9afff63c59b3b014fae142f74db28e23c131c880b3164411e21facf3b76aa5ac8c8d1d2a8a2a748e7d996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
84922a1b026d7d8b95b59b5801614b1e

SHA1
3107aa7b4775cd2fb83b89fc3c6044c9e533548e

SHA256
19a649063f5e9fe84a222de1525a920fc56f55342cdb127bfec3a25953e142cd

SHA512
98bf8959939467df074af65955d7b8bb6b79e9c181080790ebc22118e4452b20a5a46d9aab8a5e6dcf8b81c7621b2fa1c125a8c58107f423315e6cf43e564a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9e45c266dd5c46d91d9cd2d30e986a9d

SHA1
5d935da214e68923efc097df3b231c9bd92cc659

SHA256
af55fc301a41dbd40661e96008813cb7314c5ec475449028a2b303e8d57a39c6

SHA512
b47dc4206a34e81387df617ccaf827a96442c7bb3b09edc9122436f0ced4b8f3bfaeb023f7469f90387a92c772ad98bccfa1423cbea0fd578604030750d391af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9712f6183d0a0f4267c7cd73dc6c6e54

SHA1
8008966a41ea459939f25eb415af2811342cd530

SHA256
479105688f4e13a175a0a46f775960ada741c8fa4e20fcb6a8a3d718a7f9244d

SHA512
e520624b9d65721de5fc2085a149bdb5d87f483ceed03dde7b4f638ac773679d785fac6f253447204fb8bb5f1f8d1a4199e6e8bb81754e4b92c5dcfe7371b862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
6d4db649639312f49ca7dcc667fdf1d8

SHA1
e56b57eda3d3be51f027ed886d9e5828cfb6f1b7

SHA256
8a684c587174d6c18292acb56feb05a0e31bbb4c5d0123b2b83d096ca53026a9

SHA512
6e0aa73d76eb0ee34266357242fbc966d54b8ecc3e77ab9d43fce473a3b2e5e3feb7d04222900e1bd88e4ba69fec44c9e11364a6b29f2515775041732dbda3b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6e000cb827cccea346026eca40f298c2

SHA1
71004cb5d44319b00a7c8f5afa17e59059838bd2

SHA256
27885c29dc475c63b15af160cf1fdd622a1cb0de10b7e0dd247bfc411b6d2d1a

SHA512
ece028e0371e31f42bb2004f0a420df333346a0f644cde25322244cd3b49f71684297250b9640ff008ac1ec159f5a691120e3dc8707095884790a7c0668429fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8ea84057371c19846ec8df62523cd572

SHA1
f2ddb9d8d07aa09695c7169208954da87b3cb29e

SHA256
e03d799e127eb1599f90107574eda8283fd5cf557a8076873c7fac07c29b83ea

SHA512
2a26f27c993099212828626e1281ffe8895c57d8914d1dc57089d4ec385c101b07d590d9117b63ce0fab16fd69ec664e502080bdeb5d43c45355e3faa4b40932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
db1fe34860e487655daca01c6e2a11f6

SHA1
6d0ce0e0050d5be2483721c4171a8072f53773ae

SHA256
31b1124990fc37551110190722318389dfcf5c4c53c9b3261bc0b1f5d0c62573

SHA512
741870afe1928ce6a8fd91ed5bbc4e3f9000608dad891abb68a1576be5031d4d76a160ee3a325c527ee6e243f1fea523305ed959ed5fdfae5339333101089476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe591469.TMP

Filesize
48B

MD5
167c608839f1b168bc056f12e85133a1

SHA1
5881206eabb710bc08352792661e172d700c6fbc

SHA256
d4bc602c3adde65a624e5fab0637f721498459f2a16df57d042b1b96f7e1e664

SHA512
0e878c46dca569fffabaee3332defcbc227763ec245e242a01dfa99030770fbfd48630019e361e748c3a5e4b68c89bbd508c78e15ba2dc9bfa2a2702b914f09a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
7bfbdef875d53a019d64d89ec1c19128

SHA1
9e0cbbc16c0097e0ce1913beb73c17a489222313

SHA256
da0f6a366811258a1cda0f6a9bafd2556fb91f47c389749e16ca310c8a7fbb42

SHA512
c06eb0ceebe142793bc14bb05a7f23626d034f27888271065ca2e2b2b2bf781e5d8eabf5bf6b85c115b6431de7e68bb20bc442eea9444ff324719bc3942d74e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
7bfbdef875d53a019d64d89ec1c19128

SHA1
9e0cbbc16c0097e0ce1913beb73c17a489222313

SHA256
da0f6a366811258a1cda0f6a9bafd2556fb91f47c389749e16ca310c8a7fbb42

SHA512
c06eb0ceebe142793bc14bb05a7f23626d034f27888271065ca2e2b2b2bf781e5d8eabf5bf6b85c115b6431de7e68bb20bc442eea9444ff324719bc3942d74e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
b5115069937f9c7dfd31bd8577581f75

SHA1
7f1a65e04abffdb9956d6f1bc1ee654f6dcbabbc

SHA256
3a6af9c42a6c5f6b62f74a6be363c536ca3acaa9c0f642c7f11a75126c8e83be

SHA512
cde6ac193511ee91b9b562b055a38a8361fd3378607ec8806f098d12b23418ae5be7c04f74b62466dc01e9a9fa4d22da38278c9d9c7985ecf87a5ae9cb331f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f73c.TMP

Filesize
97KB

MD5
e252e62eb3b4b875cb4579af26ee2d74

SHA1
0dfef34a8cf5a4b3335bf4620f6e570836558293

SHA256
bda78fffc3aa2d51fcb2577d8e220c6ef72725a1a40f75dfc7a94774b3248882

SHA512
ec1185420e847a19572a63213d12502832999698b66ce4e5711ef269a49c49fa2e8f0a6c225d632b15be94a746bf6b7a3aae47f41fdcdc0a7ad90a92221412f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
2aa50d48b1ea8a10baaaa2c1f7ed07c3

SHA1
53782d3812857925c6663d005df2b8dff0f001c9

SHA256
a003180bd74538a0622a99c418daf921289def501c0401b00ad23216c0eb6c09

SHA512
b7e8d86a2a4a083c2143398e8357daa6bb5967585a104c112ca6f7d487ddf2ba98716855ec75af2612df51983929a0703b6c020f751702e7e1244b287fd32eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
3KB

MD5
16d981bbab2af5132327bf633ea83c2e

SHA1
f14d0ca73b43f46d7e10266ce2d68453e22d9010

SHA256
dbb538b61722538fada5c995d9a656aad7d8f312c73315a5b11a2acc5df53ff6

SHA512
cf77d4096e6e079ec4c80542b855213a36197138a2a04ee054e03d93922823f767f08812e23e012d966a0f112a6bf2f50fd2896149c5a02a18c0d496382fe8a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
59e48666afa1a5c1be524911de032746

SHA1
ceb7e85469b385b93097ecae0a8d55152884cf45

SHA256
36d6b9d18a74e0cfb06fa0b12ae54107572403e2538111f364056eacb078ce1a

SHA512
5c06aee12406e4f21751d4c51c5fcfb0e42873ead7115a689d4027788f98a69a74860b860044c832d6ea2e9117dec4c422748ce377586cd3add9dc7a1da90b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit