d10a6da2b3ad236ac3c7ebe61204fe900237e368f78a2a98f7c6e9185fdaa152

Resubmissions

05/11/2023, 14:59

231105-sczbasfg4w 8

05/11/2023, 14:53

231105-r9n16aff4t 3

Analysis

max time kernel
267s
max time network
271s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
05/11/2023, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cyrus n word.png
Size

13KB
MD5

0592bbfc0626781b59de9edee34386c0
SHA1

00ed32f102f0174f56d1f759f964414d39327a48
SHA256

d10a6da2b3ad236ac3c7ebe61204fe900237e368f78a2a98f7c6e9185fdaa152
SHA512

3a4ddf26dd2403967242b9494c995598948dbf75f977c7c334a4b19c3b2878c333b8b44575bf8fdb76c863af2b989a8bff0e5e2b7e8368e9ac96bbc1ba5314d5
SSDEEP

192:cWrOR+4rzdLe2G5UgTXgboi6gAYBiTagaGOTZfveeeMPE0yeetXYLMXBBzPfjo+Y:3Oh5gTYOgkecKTUedMRB7b3d+QZ1w

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133436699053251942"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
2520	msedge.exe
2520	msedge.exe
4584	chrome.exe
4584	chrome.exe
1160	msedge.exe
1160	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 2892	4792	msedge.exe	120
PID 4792 wrote to memory of 2892	4792	msedge.exe	120
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 3776	4792	msedge.exe	121
PID 4792 wrote to memory of 4384	4792	msedge.exe	122
PID 4792 wrote to memory of 4384	4792	msedge.exe	122
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123
PID 4792 wrote to memory of 2212	4792	msedge.exe	123

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cyrus n word.png"
1⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte4334d76h4fd4h445bhadfchea679a110514
1⤵
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffecac946f8,0x7ffecac94708,0x7ffecac94718
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,7217212580642264158,7654775594416582638,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,7217212580642264158,7654775594416582638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,7217212580642264158,7654775594416582638,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultdb4d7503hf226h4b7ah8106hc8a661b7df72
1⤵
PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffecac946f8,0x7ffecac94708,0x7ffecac94718
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,18368179511886098582,7879660333080394530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,18368179511886098582,7879660333080394530,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,18368179511886098582,7879660333080394530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffecd489758,0x7ffecd489768,0x7ffecd489778
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1940,i,16874344788198956109,9387750656940972446,131072 /prefetch:2
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1940,i,16874344788198956109,9387750656940972446,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1940,i,16874344788198956109,9387750656940972446,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3288 --field-trial-handle=1940,i,16874344788198956109,9387750656940972446,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3280 --field-trial-handle=1940,i,16874344788198956109,9387750656940972446,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1940,i,16874344788198956109,9387750656940972446,131072 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1940,i,16874344788198956109,9387750656940972446,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4868 --field-trial-handle=1940,i,16874344788198956109,9387750656940972446,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5160 --field-trial-handle=1940,i,16874344788198956109,9387750656940972446,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 --field-trial-handle=1940,i,16874344788198956109,9387750656940972446,131072 /prefetch:8
  2⤵
  PID:1924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3756

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:1768

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault57a121dfhd75bh4e9ah9bb0hf3b2881d2444
1⤵
PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffecac946f8,0x7ffecac94708,0x7ffecac94718
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,1389943430229124953,17540510544847617269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,1389943430229124953,17540510544847617269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,1389943430229124953,17540510544847617269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:3280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
5c55694e3318718dfe8f2ac53b875f6b

SHA1
be375a972a74dfcb25e8aeecb97f18f939513ec9

SHA256
921a60e548b930c53f57536efcdf1a53fc609481cea5f66e38f80d0aceb5dc7e

SHA512
9a70f0d332d42cdae1c04891082e625e6f3b52ece21fae71777eef6e6a898aeadb21e813d684f937621005834d1a12086fae7004af88d2d538b3601368786916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
09f067ed55320a781a7029671fb44f74

SHA1
1e348909ea7b2db22cec06691d1ab3782b09448e

SHA256
94f72572e5e477aacacdd082a092dde003b1d0031159ddd1f749c11ff4986e5c

SHA512
35dedcaa76f7af92b31055c64a65a1e76a76cb6841765824195e1da82fbcf49c4b7696697ed8352e62dd345b52296a673426b7566de09d5ca1ce6c8847d6c97c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e07e117ad86e8f0b9a12912d4d933a29

SHA1
586ce1ae7b828063e9688bfb829b7b5a2e840cf3

SHA256
af73caafb6b8279f44bacf499ea66625efbf7908bb8d5840f285351cb3f479f5

SHA512
78f2ff6324aaa57758a2775c8d7b767b42bf5775db27feaf5bcb954425b11c680f9e3b65efca4f5cea59b4df5a49b898c25afb52863f51c14b040744eda5dda2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bf2f9de6-ee46-4b19-beeb-49e6be12a065.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
6b2e604f12cc5c2ce98a8fce8df10458

SHA1
04e0e0e91e5cf94632dd46f6c9be5124240b3197

SHA256
e6023f0eaa1d9cdad22a99defe0a5e4af9d30070765f5d6d7254d2db2ab5969a

SHA512
38c236b5c9ce851edb8ffef0d3854474dc6507926349f6ff9a536a249876af5ee0f4f92558f5651ea3816daf5df81e596f07a972c306b863d82a48e574e1b6fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a4e4d8eadcfccd456d08a940a5265b9

SHA1
f308b7aa81d5a285fb4e8d1a8ecd57275ccbad32

SHA256
0834f843999fed51a04d2f726ceb6b5d4fdbe839c73185dd430dab51a78464f4

SHA512
1aeeba9ab263eba4d5f6fe852ba835b751b3ad1bd2e1ee3801e19cc6deb5fa70b12562ea4af2c6145d834e81f2f78257131f692f0d380fba50b0e1f606a26ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a4e4d8eadcfccd456d08a940a5265b9

SHA1
f308b7aa81d5a285fb4e8d1a8ecd57275ccbad32

SHA256
0834f843999fed51a04d2f726ceb6b5d4fdbe839c73185dd430dab51a78464f4

SHA512
1aeeba9ab263eba4d5f6fe852ba835b751b3ad1bd2e1ee3801e19cc6deb5fa70b12562ea4af2c6145d834e81f2f78257131f692f0d380fba50b0e1f606a26ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
9cc001d07a1c759b6fe330449d447650

SHA1
3993a75c5ac43b5e251ebcc1f3f0487a02d17d4c

SHA256
67b443122c700fe218158827110256686541cad25959a7ae77a7a398668ea354

SHA512
deb33a15ed9d4ac14876683a9e7753d0165a7d609904878847f0a336548c0bebda70676e4527f7a753838ee5169a01d0d692c0fc15cad6b45add32b377c7e0c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
ff7c4fc21eab966a4815bec0ec40ed0e

SHA1
d17a76327885df486b66bd7f551cc72dcd95ec8e

SHA256
73efb4aea89a443af798f7a2bb9d1b8dd18cb1e05a0dd6ac973ae6a4eb13b61e

SHA512
ec82cfacd42b3980c5274ef0fc6169910e2bddaaf5e947f5eecef49fdccf662405acbe65c21d98651a47607c4e4c0cf6bdcf3bcfe32dd3f8f54cafd1337de857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c48f56ea24e852443ef47ebacd0f0cfc

SHA1
aba64054b0d5c2dc188cc6a85ccf3106cb2722fe

SHA256
5015c701a38da161938180cc3f6329b6a47335f16461fa73b5d1b47e23b77c0a

SHA512
b25700eb9fe42d79a588ebdd43c536368cf95e342d0c5280f780880da0c3dd4e73d7fd624f6a34897c86d5e528f8a0056844535acb6dcc27ff77663db577a1f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c48f56ea24e852443ef47ebacd0f0cfc

SHA1
aba64054b0d5c2dc188cc6a85ccf3106cb2722fe

SHA256
5015c701a38da161938180cc3f6329b6a47335f16461fa73b5d1b47e23b77c0a

SHA512
b25700eb9fe42d79a588ebdd43c536368cf95e342d0c5280f780880da0c3dd4e73d7fd624f6a34897c86d5e528f8a0056844535acb6dcc27ff77663db577a1f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e9b621c60377d79edd95110951e570fa

SHA1
1216f57296fd01411d09f13217bae2dcdd6b0571

SHA256
2fc3abadb562c0db6718be3d59c2db2144c0f1196281a5fe9aaf3a075d45f8a2

SHA512
f5c960afdac90e58bb2ba321db7e732c77b72a4d72ccd48a4c56b20af1e0f82354c97bc55f6248004a5ce573db35a792db842eaffc754b5a954d314f1473ad74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
478bab5662256ecb42399eecd066e90a

SHA1
7d9e611cf8f1fb93bb3bee8c77647f552874d0db

SHA256
b2c7035351709dbfa8d161950a92701cfacebe99fc84c9a702db76ffda14e527

SHA512
8188f4ebbc48242ffcf0de0a509248a6a341eae3f515803767bcdd67a1153e1972db9be25abb8abca660202a77556e4821770d3edcf03d6711c4ae7c73c460ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
b67fa1907ba3a4d8520754ab9898d24e

SHA1
a47e3dde4f3148fc8516b8a35aa130f508e555d1

SHA256
8ee118c6f08afaadf58a547c36dcd1abc70c7a09c173eb6e1ae35b2f64077030

SHA512
90915502dc5f3803b649cced7bbb7dd2126277e998b033cbe13b88ae8bb29d224b03e31a0634849c23b48be789c4be2446a5406b5fd4eebe14417a7448020ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
5af0ab02d56f42a253d04628e95376e4

SHA1
15b928628f8de90e6f5ea2a7acd4b2d89626ea8e

SHA256
407dcba27ad6b163297e70b9d125a668af02a41d2940bc0fb78b6a784b8dfd6e

SHA512
ea9358133c7098f157d1c0037b1019ba8ad87d7f6a6208f2dc5fe82d62cd0bf19229ea69303abf158d2defffe1d70d807c84f5e8ff03e9c458daf1abd14c0004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
4d0e6a42e6e4ef22c2d8539ed07594ae

SHA1
5494ea1d216f8171739cf7d5e5e3b2dc4447ebcd

SHA256
9af1abac36feb73a08146ed44ef393817398e3bd5139d3db04208d56b7af566d

SHA512
4a9707bdc252134a217c8118c26c4e28174d603705236b00dd3536b2c9b82dd176d98288b6145c70a22f1e30057ca6a79f80a049a0c3a60b2d23d239641ff4bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
eefbc2ee64ff925ba907162089553edd

SHA1
08ec38486c827293ad10dfbd5061a852af74f6d9

SHA256
b9984aa74914902d7f0e7e866ec1229430f228cd02242dfc0ed0a50c951a9cd9

SHA512
2788730b513599671a64ae0c32278015666b65542c1d5bf29d5b7d8ac1ba9268ad0fe32f44ca9a5d0f629e8d3910aca4783e82cc0570fb4332bfc65b04a3f829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
56e13d36197b1d655bcffbad6fb568f7

SHA1
b4f3e7d5fc7eabe53ab5081654bb33aa9d420655

SHA256
b9edeb721603a924ce1322e688693df42c2507a76a53d9f628f2d00f5c5be51c

SHA512
c6a73aae44166fa688777d43a5d414448e46a42c8292ca4ef81e64d2cd61687b358a483e825aa3783c909d94d887033eff5531062c3529c8904305fce29fa123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
56e13d36197b1d655bcffbad6fb568f7

SHA1
b4f3e7d5fc7eabe53ab5081654bb33aa9d420655

SHA256
b9edeb721603a924ce1322e688693df42c2507a76a53d9f628f2d00f5c5be51c

SHA512
c6a73aae44166fa688777d43a5d414448e46a42c8292ca4ef81e64d2cd61687b358a483e825aa3783c909d94d887033eff5531062c3529c8904305fce29fa123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
eefbc2ee64ff925ba907162089553edd

SHA1
08ec38486c827293ad10dfbd5061a852af74f6d9

SHA256
b9984aa74914902d7f0e7e866ec1229430f228cd02242dfc0ed0a50c951a9cd9

SHA512
2788730b513599671a64ae0c32278015666b65542c1d5bf29d5b7d8ac1ba9268ad0fe32f44ca9a5d0f629e8d3910aca4783e82cc0570fb4332bfc65b04a3f829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
dba57202877eb49e19dd1f8871b38e43

SHA1
c7bf4e2621d2b281e7bd0b21d0d6aa36fd22545a

SHA256
7ab908d79a80d71af5ae7bec9e5e9916c1117c17312ebe2308bd0dfaec0253ae

SHA512
86ecfadd6312f2157daafff0458f40298d6d26177efb723f376368016076df2f8393b1676e954cae343066fc3a939967a0eb3ed126ca8b9aeb73a27a4fc00aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit