hxxps://www[.]roblox[.]com/home

Analysis

max time kernel
146s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com/home

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528348927697037"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings	mspaint.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
1484	msedge.exe
1484	msedge.exe
1544	identity_helper.exe
1544	identity_helper.exe
2536	mspaint.exe
2536	mspaint.exe
348	mspaint.exe
348	mspaint.exe
2372	chrome.exe
2372	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1832	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: 33	4612	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4612	AUDIODG.EXE
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2536	mspaint.exe
1832	OpenWith.exe
348	mspaint.exe
3244	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 2424	1484	msedge.exe	53
PID 1484 wrote to memory of 2424	1484	msedge.exe	53
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4088	1484	msedge.exe	86
PID 1484 wrote to memory of 4476	1484	msedge.exe	85
PID 1484 wrote to memory of 4476	1484	msedge.exe	85
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87
PID 1484 wrote to memory of 4676	1484	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/home
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8a346f8,0x7ff8f8a34708,0x7ff8f8a34718
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,372389696788739942,3674630853184205009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,372389696788739942,3674630853184205009,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,372389696788739942,3674630853184205009,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,372389696788739942,3674630853184205009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,372389696788739942,3674630853184205009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,372389696788739942,3674630853184205009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,372389696788739942,3674630853184205009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,372389696788739942,3674630853184205009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,372389696788739942,3674630853184205009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,372389696788739942,3674630853184205009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,372389696788739942,3674630853184205009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2100

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\PingSwitch.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\PingSwitch.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:348

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8f7f49758,0x7ff8f7f49768,0x7ff8f7f49778
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:2
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4732 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5312 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4604 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5548 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5872 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2972 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4604 --field-trial-handle=1972,i,16645144607555374335,16659483438069655937,131072 /prefetch:1
  2⤵
  PID:2504

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
203a7dcb97fc70042544587572beeac7

SHA1
3600dd96389eb697eaa6e690501aa50649895aae

SHA256
ad24838a92c9a5088e000fd4adc49e295f029f81c00b9026f6fd7a0c93a00620

SHA512
dc57fa463f801fe1eb37d91964f5780f67ba397aeb060d115a9906c47ab6f4fb293159885dfd9d9fe7ca6dbd00a1ac32420fcf50be8866f57be05e79cfc3f54d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
c685d8817ffed8e3da254e48e9a0bc6d

SHA1
01e424d7768e160a167dd2c66f3348572e27922d

SHA256
18c6c709eef563fbd65489021af5b9e8ae5087ad81304022883644703614c83c

SHA512
3222bbb34b6e3d3f8fe412fb29e95eb363daab6a27a95ab3409278a8b9a7fabfd3d7c474dbd38afb2f489cd73411fe06091e86647848c156e83a347938519d89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
5da4188ceb1c57a41be9f039613697c3

SHA1
b263cec3ec1f3dbcdc5243f56a0050513fa7557b

SHA256
523ddbc40e4b93ad23d270291fd988017a4507f86c82dd360926e854373df937

SHA512
514fd14b65bb8d5e6e69a1a34bb562140c7683103e9074678df63086a77a397fa1008c4386752002c82eef7607111c8cd55b4aac3b1ae3f9f66593e0bcf3c2e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
982a6051ce24ff600879ea2e63f3b90e

SHA1
eba1cba8bc792d1003bd0ecb659bc50fee0dde43

SHA256
cf5b7f401522b3020579ddd172e6269432d5cfe2d6d8e1e29b0a5cdc5f34a686

SHA512
4216b0eb9e70e9cc6337042fda29193cacf5e8cf0615010baf286c59acfc8f507233911d2ff886aca4cb5f01ab04bd3b4163a391484bc29a3e137ecdd5e1ec7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
008aaeb70118ecd26a46f659ce991cc2

SHA1
dee506b3a876b4024271af425f565aba5bb3a780

SHA256
81b91c8ad37e507f9ad9bd1302736e4183629be1ecf0bf21d47a911952224557

SHA512
8e02b231581ab6e8da934dcf81386a368c118d716a3e5731cbdc69acdfc9bcd49f46a38ec91f4363eb9a9e07fa19a972341784fff3d743e963d686990d00a755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
50496e335c464640af7cf2874177f5d2

SHA1
8094f1d1733729f3597544974773c1398484e0d9

SHA256
21567a2c44f1e535f6888f1dcb175ffc2a2a739fb84f6abd4c81b7a6810f6fc6

SHA512
d6ab9f73446f9db8f44458d16b58090d9183b7b3e6c58c0fddbb086e7d54229dfe19ff264b5a16080a7b9e28bcf77ee3f17919073b6a2eab204c39c338822565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c46d7eb7-f569-452a-b465-64d57d28257f\index-dir\the-real-index

Filesize
2KB

MD5
4f5652d7da730f174c4f7a515944657b

SHA1
44da9d588cc7c477635456f41ca7359e1e1eb3a0

SHA256
ef4e093f0924b4b2b8eed7f5e655003d9477638516b32f30717a98484fe7426b

SHA512
79b5899afc61450c91dbc7865d32f7b23d8b81cbe41904a2822263924996b18308946569db0dcc7c82ea3bf7ad7777e6c181b2a4747cbbe7c01db724961b33e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c46d7eb7-f569-452a-b465-64d57d28257f\index-dir\the-real-index~RFe59a7a0.TMP

Filesize
48B

MD5
2f139bd5e46a209d558e494204bcbc1b

SHA1
38f6c9414f58580a19361d6e1f71ff52272953c8

SHA256
c1fb228874940996aa1e69a368fe88fc1c419a891b1133cf202cb63ce8466ac5

SHA512
cc5ffa54dc1d791c5f75a64097546c1bd4908a963bab40a2507637f34cbaf59aaa2740ead20e1a4a32e9b1305954205b44e68d8e9e66dc4593d5906b58f49373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
2159dd350689e9655a3db509e545de10

SHA1
1c2238fed1f2ea9e0be95486f1a11edf43f3cdc6

SHA256
6a5eba510d6a8c0f819dbd3aa178f47a52d9eff3367e8e68fce324c5218be1f7

SHA512
1ce425bb7f9ee56246e704dc61680b9dbff00931ac2728ed6f09cfb35ee2369f4be96cc22853e98fecec664df573e28d18428f248c4d8bc21b767c510f2310b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
224d3e990f98f137936694908af264e4

SHA1
3533d9c50f582ba9bd8ad9badc4b634fbdffcd20

SHA256
04008ce49e3658b30233add14fde983e732a54ce00c3ad763810922de91cab1c

SHA512
b01d20688eeb1719a2b2f18b538d0341589df5faa2d4787445a2d1df2c2550cb9746b7640b8b6833cb3c603e2910ab93aa10c57def1201cfe358e49a23bc9a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe598591.TMP

Filesize
119B

MD5
bc8ff40166a1f87ce0220b800598e711

SHA1
c2afc396792f6a826d33dbe0dbc48f89fb38e409

SHA256
ed5f11a1e810c021c92658fefa0842634117319e4a47817ee65bde076f14812f

SHA512
b4b51556e7eb618a6a0ca1d3bba205df071bac9f25d28cb94fda533b1f6d8c0a1c81895cde6cffc4b6a7c03ad18a261315ca19762680372f507abe916e22ff74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2372_1831900228\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2372_1831900228\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2372_890882595\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
6db3f065865aba14845eeff685f5fb01

SHA1
b06191f93a5c7331c175ea1a292c8a5f9da582a8

SHA256
dda866ea64ca0fced87e3ea535a104efa3160db9d25b360588ba4696eccefb37

SHA512
ebdf34c36d18eb225531d519e628d4f26d0f411161725f54200371effd1ccced605908ff5cc022edf23ebe3c352ac45bf3ff72692fa1697ab871f002d9db9d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb20b5930f48aa090358398afb25b683

SHA1
4892c8b72aa16c5b3f1b72811bf32b89f2d13392

SHA256
2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

SHA512
d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
17604adc996d2833e2066890c745fb6a

SHA1
1d04582799f8540221d6156687ad6f635a063100

SHA256
87d3c26c7dd51550a6da5f7eb4d2c918c58208ace3bf1f235c174950c92219fe

SHA512
a4171b0f4a20130ac3cab85cb8d92b52e9db5a28af09ff41e3399b20da2a3344953dd2bc8aa37e07020034771fc4d3580041face29b0ec40c3aabfec5df0c66a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
846B

MD5
1e78393e4c7c59599a7b959ae1f96123

SHA1
c4345aa7130b32b9ba518791a81d5b5d80695a14

SHA256
377b390d22bcc8fa279175afdfc5abd98e0cccc0b4d375fdefa8369f4a497636

SHA512
7fd8544e441b97d4addc795c493b097ad91e6e425b842861bafeba1f07ea28be9e4065d1f25c0d938da1613921eade85907d7a1ad914c73cbd3f1b0639dc9f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b29e70b31cbfbd8845c99b0cc7ab859c

SHA1
c1b5784e1a3c5eae27ed2d021839a80df16e2be0

SHA256
9f51219b436c8eadd7b3ae868c67e10a45db3c62d28b1197047074363e9d247d

SHA512
422bc6371c99ea261f8c55f5c8946734a631997c919f184bc06a7fb1eaa16bb58f209f34fc5dc11015d36c7ece8b88ef7a12e5098e58ca563a80f74187e72cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
02a26b6a73020521cc59bb0f9ce57a71

SHA1
7e16d356b5c221baab0a780ce067ef30756c9db2

SHA256
a02c44afd554ce0622fd2e3c542658d176796281a9a521212a645e8f9c6132d3

SHA512
37c26c1cf056ae79cd905e076499444b22fdc0cf5a5a83d73eb5aa93d6ffb60f0ec0e0c131f5a2ffdaa653219f5732161cf9c91c098d59a4506eb8194292a298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f16538a2de32572d264bcab413b47ccf

SHA1
8c3ca21d7f3e89d0cf4921482e7535ebfab2d978

SHA256
1b6d2d8f4313a930fff9bcf51c029a4068c75a3105530e9f8e2c8244cf34910d

SHA512
d1cee623a303a7a776336f207f548f9f6e97e8e853000d9d72c00cf060dcc457cf7cb67089a332aa286930ae24ea81f69d5422c25199658047a7a2829b41affe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c5c698cca1a90202ac910ef6667a9d99

SHA1
49550076e0e210e345aa89ed9a8522d7c6352fde

SHA256
921db7bc9f20c5ea1f38224ff96043be6e88b341f8d7226f147a98232e81e36b

SHA512
c5bf235f4063aaa03ccd1ae3277903c71c31860bab13e7ab201e6860b3f419bd18140e9ed47a4317004d27ea2a7078c4fa56f2ee6d5de77b04ccd47c46181d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4adb6521dc03654936f2396170ccd6a

SHA1
1e81532fb95be3e4e1552fb5128a940f935935e4

SHA256
d518c257bd515e0b5982706422d025720f08899bc4602e173da339d5bd2b8765

SHA512
34425e4f12fc86e83939d33a15a3b74f8d199d055c3cbbfe68370e9025c5c472a4bc6e1f40e98318a697708d43d8b478a24ac0016695c9263d1f6c473d912442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc941e66a91330a4d035b55034ee33ef

SHA1
0abeafd0f613ad97028e7d920bfc0ce7eda0261b

SHA256
8a069c0a9ea8fe029f2c8e004609795fd7d6af80dde38a02cd2eb0bfa5be81b5

SHA512
3722899aff503e68ff576d038a3dfe4fbd4d333f039a20feb7e17973df3a0ebe3e60cea3b6dac272448eb42009b69f97d4800276107d9117feaa10d69ebb0f63

Download Submit
memory/928-355-0x000001838AB60000-0x000001838AB61000-memory.dmp

Filesize
4KB

Download
memory/928-352-0x000001838AAD0000-0x000001838AAD1000-memory.dmp

Filesize
4KB

Download
memory/928-350-0x000001838AA50000-0x000001838AA51000-memory.dmp

Filesize
4KB

Download
memory/928-343-0x0000018382760000-0x0000018382770000-memory.dmp

Filesize
64KB

Download
memory/928-339-0x0000018381DC0000-0x0000018381DD0000-memory.dmp

Filesize
64KB

Download
memory/928-354-0x000001838AAD0000-0x000001838AAD1000-memory.dmp

Filesize
4KB

Download
memory/928-358-0x000001838AB70000-0x000001838AB71000-memory.dmp

Filesize
4KB

Download
memory/928-356-0x000001838AB60000-0x000001838AB61000-memory.dmp

Filesize
4KB

Download
memory/928-357-0x000001838AB70000-0x000001838AB71000-memory.dmp

Filesize
4KB

Download