8d6644950a7dccce513d98050b0db5b002f1efcb9db6f457c783728cf86810dd

Analysis

max time kernel
123s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

18KB
MD5

f1b60f3d0b4f02ac47f80a6692c91377
SHA1

e4c6b1e76e84d1d0d3b18c7898d919355d79350a
SHA256

8d6644950a7dccce513d98050b0db5b002f1efcb9db6f457c783728cf86810dd
SHA512

7e23f48f5bafb6de64a9e3aced800d6b750aac3a0f731f0f98238f1beb1cec2e80bf85ad848da71983eb6f238b01ad0721d539a025713cb673938eb0c9013ecf
SSDEEP

384:rt8DpmReVoOs4MN9ylKeGMYU8Hhhbsh67WS2LjFrSy+CVJCBXQL:rt8BVoOs4MryI1MyBhbY8KFrS6JQQL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4328	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133560550040645448"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
1748	msedge.exe
1748	msedge.exe
1856	identity_helper.exe
1856	identity_helper.exe
4440	chrome.exe
4440	chrome.exe
1388	powershell.exe
1388	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 4108	1748	msedge.exe	86
PID 1748 wrote to memory of 4108	1748	msedge.exe	86
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 1288	1748	msedge.exe	87
PID 1748 wrote to memory of 5036	1748	msedge.exe	88
PID 1748 wrote to memory of 5036	1748	msedge.exe	88
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89
PID 1748 wrote to memory of 2956	1748	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa434d46f8,0x7ffa434d4708,0x7ffa434d4718
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7885673230243517119,9257600057390571039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7885673230243517119,9257600057390571039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,7885673230243517119,9257600057390571039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7885673230243517119,9257600057390571039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7885673230243517119,9257600057390571039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7885673230243517119,9257600057390571039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7885673230243517119,9257600057390571039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7885673230243517119,9257600057390571039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7885673230243517119,9257600057390571039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7885673230243517119,9257600057390571039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7885673230243517119,9257600057390571039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3daa9758,0x7ffa3daa9768,0x7ffa3daa9778
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:2
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:8
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4644 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5296 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5360 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5720 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5744 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2384 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5532 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4616 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4640 --field-trial-handle=1880,i,12079080307967580170,15595640371422221806,131072 /prefetch:1
  2⤵
  PID:1068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1448

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1388
- C:\Windows\system32\taskkill.exe
  "C:\Windows\system32\taskkill.exe" /f /im svchost.exe
  2⤵
  - Kills process with taskkill
  PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b7258a727af55856_0

Filesize
328KB

MD5
5d147f10aa4196f1fecfd48bcfaf2e13

SHA1
628b59b2671c8f667f167c912610d1842cbedad0

SHA256
fe3404c3af4a4e74f98738c67792999484fdb0b9913a429984a9143e417824f0

SHA512
e8d0816b96871d96c7000601e9a66719c55192a29d6da27515882d8ee9ab98095e7a17a6decf07aa211a1245638c657e609ac22305099bc4e8ab0824baa17c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ba54061886c82dc2_0

Filesize
289B

MD5
fb9ffd5e00b6bc2043242541cd6c9671

SHA1
922496729b50f9de8d85e13463342b9c615bd72c

SHA256
c56387f6ced9c1af6bd692c539b08063de1dd0eca39639135d8dc80a48107637

SHA512
a504e2c093cd11966086585f6fb561fabb2070871161425bdff9da4d3090cf9b2fc80ded560789795c8c8c2795270347afb4abc8c4a3765c28396ce965a76af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0c5932c740534148846e3e33dbcef81b

SHA1
9e43a8eef702407bfe560574b93d5d51b686a340

SHA256
3e1659230362b9dd6e82478c6b71f35d952472e4715d023e5dd0a85e39361949

SHA512
6fbc697efb89af85d652b0f5701357a90457c46e6d2b5d560240db88c325d340e57e81448ed0df85f6773b194d20f3cb07e2bd496aea387db49b19d8b85df2f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
eb18473bf1d3a3e43692e8fcf9751315

SHA1
6250eee84186ad74382ab0464d61702cd2304aab

SHA256
cf5018b61bcaa91574ff90168015654a3155e6fa6609df27cf5e9beba31269d4

SHA512
d2fa05757caf665f820d3ca38b0c5834b87e57ae64b93ca3e43fb2534bb75141072e351b475314a1210d1f870ca5eb0add62bc2b94f9a7ff79d14d30300fade4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
856984406e06350cbd4fc5c4068b8840

SHA1
9cf9d1c7d759e217e87d3073a2125c1956897db2

SHA256
42839814d09cef8b76dc9ed065ad49cd531e01bd758c9c066ef76ebc21797748

SHA512
1d99fabca709189497d22e4484588adc02c1d795429bee54072e96a30c26398b0eb8dc36f5c2bf598bd55ed924a101db4624c7d9b525386f310f82bcbbcc2d53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c1346d34f72b0768619b242eabcd0aeb

SHA1
d92a24e0ce04e89e148b2fc5d4c4ac9980eaead1

SHA256
ac3c7485485a0ab31b85e4550156f0ae8692f36f01823b2a357d12db3adbe4dc

SHA512
ee97ad61a1f5d3231aaae5aeadab181563126bd0043aa67f0cdac7868fdab761f72d70d277b83ab8cd18163f86389fe77c483b52a04e93c4dd9b8d173acaa26e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4df91e14db9b1ad0df2af1a30f0022ab

SHA1
f7d72c818a4c3293845df9dee363cd77088de942

SHA256
ca6af31b173302a0d4bebb510cdb87dbab7d25002b416e21f1d79975cde76b75

SHA512
f4fcb8dd90316852548f802c4e78932b564bc91228d67a3fe92e6301a39c2d6fc94945f7e23099d01a385d71812d388a3bd022f170ee39f7c7d21f0f9afceb25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
8cf640a4d4a3774dcf4ff7db13abfb77

SHA1
bd888595a23571ea2e208172ad483f1ca633bbf1

SHA256
6fecc0f431064771190d1d66e1564a7ba73adde1be1586dc9eaec091bf81c9de

SHA512
d283c7d68a0e3a4e5f9dea85b5a0fca70610abac996c4422ba0ccade0eac2b942bfbc5e3053ddcb48024e061fb854017f4f08d8fda81addc2d224e113500a390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
54f052149fa93c1b3cca391b7d14b8f6

SHA1
7e58a007fbf20a7eb6fdf67b8fdb956b4a536dca

SHA256
bf72ed5c7fa88ff5dede1633eaceb0c3b64c1ba248ca8d3a7a8d8b68f15d6098

SHA512
59d1e19e1b9bd66b9669325caf456a22bef3ba4bf39688c6ba879dbde798e32f75f5e22f357e03ab8ac34e85f76f3f1ca54690e37cc0581bedd6ab150917080f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
dcdb288e0afb712d329c6afe1744315e

SHA1
3c8ada24e141b00aaf03063462450feadc3ac8fe

SHA256
da90b61e1f9c6d7ae11eb616aa28b8cf6f07b326fc79a1969c116b7eb659b86a

SHA512
19c33be98e4ac06382efc7b963f9e90eb19ed16a620b042feccc30913198f1f0192ce7b8264b77fb8862e29363dd0a8b496fe0212d07f156b8641334d93ad915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
58a56ad5120810a3ababae9d7a06ba29

SHA1
96e2044e10e6ec8fb1a3cb3bafd3e4cafaba37b3

SHA256
ad1c5f1802ba8951c572b93c52f2a38179309c8fbd6e15940fc7e8e84e8184dd

SHA512
54c744b947fbbc391758861ab79e3a9a2b7f9105d78b61e03df163ba6eacd3b5dca49f387f5e26e7f6af1ec106efb070a19aec5ee25bd647bd3020dbcfa599bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3f0ff581cd4aac50c3cb0c73be7809b0

SHA1
1880a0f38709f71058717e6f6051760f5e83319e

SHA256
3d9ed03e7fa24a2d3d5399e82bb791f2d478fbc623e6e8ffb4199d860131c26d

SHA512
af6f4bc1f8c00e219b225903e1486fa8d560fd95c695679269f39320622d352eca4fb56ad563069f16b3e80698b45b03a7cd5d6495445070a5b859a5e36d34f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
34ef2d29014f13ca22ed1bb0bf7f1e2c

SHA1
9a108fffe521abbee9e60cf41b59571065c99b01

SHA256
eb0f3c4cd607e621e1b21c8a93b3c0d1da74d53c8a20fc7fce86bfaa86691c8b

SHA512
ad5f36c8a1d3e090f19187ffde64fdb45f7e8c64d88436a2f8491bb0aa1cb96ef468da1fe5b14cfa49f334027f6911609f812f29fc67ba685b9932a785583f75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
abcf7cd823a5534ef0441c942b99ebf1

SHA1
0924c3a430d02daa9bc408756a81d328e6d0b9ae

SHA256
17db38343ee27535928662dfa4c18fb11cec61b51cac92a2240ea3d4f2fa4d23

SHA512
5b79d21ecb3ff126338354a60daff25a0054c144728e3110242fe91591c5422f2a1bb9e738460d24ff128056e75db70a8b9a521dd835eba5ccb9d13df14cad13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
abf0b33d896672834d273702a2c83e98

SHA1
9e9339c5ad8043d7dff7b3f2f60c5797ae2a12c5

SHA256
63d075dffe18d9605f78db89eb4912c9ce07a280c87c846661b265f3aa991540

SHA512
9db25c3134e79fb0e0cdde15e355f4740bd445805b0520fe38ce84faedd8f1748c05e07ae4d7416e1bb5a5cb16883db5784dd3fd2e7c87b8afc8be438663c6a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dca8d8ae88696fb0e53315fc81d8850b

SHA1
b6f8c517c3a115bceff672059401f949fb1d57a3

SHA256
0f3a3cfca99d9aa9fcc190dd881e43c7164ee00ae2cb7030defd6510eab1ab9e

SHA512
8fed9f2f9cab96dea45d36ad80ddabd4193728970255424f0f06a14b9de3ca1d72e588c0d553cbfb63758f39eb8dbfe98b20ee461a953f16c68a6265d992f6ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9a0e868954592812617c1dfd60931014

SHA1
143dd75cd6c35d17630231dd5a872b35f1f0c00e

SHA256
b31a0b923e7ccd23ee148f76f82d8a9150f7a99843947c699b27dbcd74b8c3e8

SHA512
ca17f6bf6a36259c79089e4ab20fa8448e68ecba365626d92153fb14c54a81b4158f52d56e08248ae1a7a91cd94956dad6b1ae23cb53a39d7264623611f18918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e03c9638b9b975ed0370ef1421592888

SHA1
0aa97e94525b4b6b0dcfa71feeec9e63043ab605

SHA256
8322be04804f556847c5f93991a32a3c1a4c0b1813c7ff4c3bcd775e0a694124

SHA512
e3fa3d487b4b8bab8f51a4e2201d855ec5a1b7eae6892a7cba776222b97b2a4f8f4c0fa9b686f5ea73ec284eaf373a4b8e911e53aaee13e4c04d631bed0609a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
571d6a6c8a73afc2d9dc5dd9aac98f0f

SHA1
78906a0abe7bda1f50525a0af5ad06c48cb317a2

SHA256
4b41dbf32d1132633efe628faefc5e74c45b8756b7d0bbc2f71ea3a02ba85b15

SHA512
523e6ee5a3caadc81e2f74e49c841e49a33f782cc7a3b2c74cc4b2d9cc8d33fdbb513c0b708a98077ac07b15bcc07855ef315c6255799352d63acba836f9da60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
0dce9992ea6b98a8c258b687bae83c1d

SHA1
ffc3fdf816deb251501eeb9dd94a0ce8ae3a87fa

SHA256
7e1f25f4eadcb09f79a5044bbbada0642550e52ee27ada95b9f2322b510ed2c6

SHA512
e4eb442c3ad04f67db8d9275c19385a97aa78cec757fe88b995e0018403defc633c366efdf02ba542bd817594b89b207229d96e5c9be0de4a0256d9bae316897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
8ca5191622a3701d16d10364f6d22a1d

SHA1
fcc7beff57c1bcb27d3ac6604cadd6c209030265

SHA256
91f0d1db25df1339739b04c0b6150f5e3e665d0a2e6af5a0e647bab0e483c251

SHA512
f2eecbc49f8e786e22afe41fba4b138a0285df08a089cf652aff489f0ca5a1b256a074d23d08d974c02343552b7b692a19a7e5d4942297dacf94489ce6dc070d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
5a50cbfe6eb3783eaee43ccc9d868b42

SHA1
8a1a316da4b0bdc511b3427c486870d65d8e7d40

SHA256
ecdab7a311611e902c627b3ab1ef66fcb9fbcda64ea5974106a65d3f9d42778c

SHA512
7cfec50b12e00704e6dea37b161305e9f5719ed22e791b5d457f928bcd7d12c2f3ad120977fb059be8386449170a84067c4d1fa7adba1c65e0cc5c172a2116b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5966f3ad30acf00ab325ca8cd136fcf4

SHA1
c6dc71a25c9d433b434cd72c073049cc85619c9d

SHA256
deaf86cea68ed2a47c5ad055116f05e773979ec211a89f38bb0a929a9e672b07

SHA512
d20035d8a503fcab84bff840cff532e912afbff2ab0280151baa40fee2d5896962ccba6ff2420ba6d45f76a1581a26d3edd8ac09daa49428a5c550a839ac8687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a54c117622cadda25976aad6ce460214

SHA1
d86b395957740b1325aa18b66c4d4bd2091a600f

SHA256
d3737a53cf359b5f4be224cb9c779a14572a334249d0bb7513a5fe5a226c5ef3

SHA512
087c16fbbf3c5da76fa2cdc682368028c99767c1b0f2dfcf746cbfc2b3241dbf67db936e1c094cdc101ea7f264703eea476061df152b126069790319e0828e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
910de8532e7ff38cf64213ccb59d7c06

SHA1
e4fff1f469d7a24d36b736baf5820b4183e72f44

SHA256
b24e486194c74b76f415de787e16bfafa06c87f52f8bfc8348c89acfdd6aa4c1

SHA512
eaac0dc20a4ac602e9a36b8e1639c37bdc67160bd420978ae5ff075762a5bc2f56601b2d3d1d9389fbead8c07a2db6d9367a45f27985cff715d1f1cfaad30075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b343039dec6942c549eb7a42c4b515ba

SHA1
acbecf4fa948bae2eaa26064211d4396fceec935

SHA256
17f9245ac66e5b9357b4d808a6b87ed36a990c6568d7607242609015fa6497fa

SHA512
d241ce99bedadacc5e1e345e23e0ccd64976853be4790fe5ff7dceda1b88931f7a4c90d09caaf7115f33930e50255bab0506557ddf2f046ad86d6cf63a024012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
603441844c09acb04aa2ef5afbd5fc9f

SHA1
ffb5383da5de191668ffacccf9609ff9c2223ee4

SHA256
e9210aa542d07b6f7c41469988e64d6ac64f2d5914610cbd9ab355f2170c28d1

SHA512
b1d52d66ae01440c9a9e8d33c6f3e76e69d3154886c6abfc69066fb5d730ab2759a216b7aa8727155ac076ba040031252d934dfed20436fda5bd72785d7b72f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_n1npuqav.es2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1388-497-0x00007FFA33880000-0x00007FFA34341000-memory.dmp

Filesize
10.8MB

Download
memory/1388-496-0x00000270CC180000-0x00000270CC1A2000-memory.dmp

Filesize
136KB

Download
memory/1388-502-0x00000270CC220000-0x00000270CC230000-memory.dmp

Filesize
64KB

Download
memory/1388-503-0x00000270CC220000-0x00000270CC230000-memory.dmp

Filesize
64KB

Download
memory/1388-504-0x00000270CE6E0000-0x00000270CE724000-memory.dmp

Filesize
272KB

Download
memory/1388-505-0x00000270CE7B0000-0x00000270CE826000-memory.dmp

Filesize
472KB

Download