hxxps://hackertyper[.]net/

Analysis

max time kernel
299s
max time network
263s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hackertyper.net/

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587038775908897"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
3900	msedge.exe
3900	msedge.exe
1736	identity_helper.exe
1736	identity_helper.exe
3896	chrome.exe
3896	chrome.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2436	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeDebugPrivilege	2436	taskmgr.exe
Token: SeSystemProfilePrivilege	2436	taskmgr.exe
Token: SeCreateGlobalPrivilege	2436	taskmgr.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe
2436	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 2164	3900	msedge.exe	84
PID 3900 wrote to memory of 2164	3900	msedge.exe	84
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 1148	3900	msedge.exe	85
PID 3900 wrote to memory of 4892	3900	msedge.exe	86
PID 3900 wrote to memory of 4892	3900	msedge.exe	86
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87
PID 3900 wrote to memory of 2132	3900	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hackertyper.net/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2f8b46f8,0x7ffb2f8b4708,0x7ffb2f8b4718
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:1896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb2f37cc40,0x7ffb2f37cc4c,0x7ffb2f37cc58
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4884,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:1756

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3696

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5016

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
834add466f7fea70a02cd0e1101189fe

SHA1
07e25f34f2f76b2874ba29a484c2e3ea78147235

SHA256
d070b01924c8cf99b0283e8a0c6e392213722f1149e6fbc855bd99916ec8403d

SHA512
f40d056dd847970fa4de88f28ca7e4fb8bea28f68b978f1cba531829ecf18f79e83c18fb0a164a33e548e3d08c804f8409db269926e053659a045e0a0449627f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10fade5fc6729878ddb81384b33fcdbd

SHA1
0d54c7a883795eaba9083b8fbd86bffe1189e4e9

SHA256
67212d72d0b8cc3ab1d8e10dd362d15e65066f10ad7538b14f7b8fb26b0da0d3

SHA512
7f33d5c5c6283e3ca1a677310a69d529f10d08b9cd3c1253762db72d09289383c40c69d65c2b1e0a1070fd3555860500acf9ca484ce9872b88543efb6726185a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ded250fffb3eb3585954ae86bdc57e3

SHA1
84966bf684c06fea6d22ccb302e066786b60c6ac

SHA256
9568c04779bd446355cb98201044e66eaf47be9f3ccec27dd14a1e2ef9ab964b

SHA512
ac552b9ab73c2c8078d62a4998cf150d4da87ee179ce6b41eb96f0bb0415aeb26a7357d9764c3be49be7b1896764a744a25863b2a398bb18ba71c3b32378dede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7d5881eb30d92be21dd509f69bf26e7e

SHA1
4e787165d2861673a251c1758e68e53376459046

SHA256
3670f9d621145c7afda2dbd7f257e984713fd636c9d495b2d55c911678dbcab1

SHA512
a570b643d1bf1a77601420146d7f4712ac35ea0ef0303a1b6a143aedadcae2bc210818f948c874fb25e366262cbce5b17082f86b1c77503748aabd865697dc92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
12a95789389166acdd323d25dd7a4f0c

SHA1
adffa1f07f916da8a3d91fdb4629b4b370c074c0

SHA256
4989d17954dc362500a05b4aba0f6ebc70041e5159d51beaec457ff5b280ae64

SHA512
7b545b83bf9bbb014690fe93fad83e72049e8c9252af14dca542ae6d08077f19e41ca9adf720faba5208e6ff6171ded1773440f6b8c87839869aa0a9f94e50b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
01206cad3a73b50e0cfd75f16ed48218

SHA1
959eda496a466d121bab0ecec2b29db980d1a45a

SHA256
e38af6017c148e83bc86d52bd62b25d15ba46145241403dbabfdac8f00ef599e

SHA512
f2395bc96797effeef2326791c06691e2d97a08c80e0c30e127842e82892435a111480f67eb1976e1233c0db6152e86684fa7eaeed88eca771377bc592e88a33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
386599d20cbc80a80192683485712531

SHA1
6c3ea6dc8013ded5bf43a133b1a7f8f2b6aaf1ba

SHA256
76470c2325ed922fe1f6d95126b4a3959e608685d32f389665ecbca49ea74d74

SHA512
abfe662a31f60a6c454e0a540c80cd52149d23048d7829e8285340d3c2e83fdca302f4a6b6e6d953421202af247babc92f498163154bd707aa0f839e31518dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46d33dbf4fbe54c938cf45e3587a4351

SHA1
0126291b942186ddb755ce99eacfdfbe3870f112

SHA256
bf06064556fb695134f52a9536b9cb8cebab0faff9b37a1af75e0960a583fbfa

SHA512
1ffe5f1dbed0926b1d73ac5585e8618bdf52389dcd3ea93e05e41b3ed512a731e7d5f6e666ca8c09b06c33dac80fcc181741722570058c99c507ab1cb8436e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a78077a4566a8e7c73846c5e0cf4c43c

SHA1
ba575ba7def8792a4335c3697d157523dc240837

SHA256
c80c474fbae217a575330da17be94dc2affac726fcc50a86edad8ab5fc25f58a

SHA512
0a54bb3f626cc466cdb1f299325656d1a9dbc5343f4c0ac4daa4fc364e49e066999d332fb38fc88d09b56cebb14c64a4bbedd7da0e6441c8307be03757362011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
94ce3ea2071cf02f65a31dfa4000cbda

SHA1
68dca877288bec61cc3c32f9d25e3cee547a011e

SHA256
30910e03c861f084501e6206b3dfdf2a354abe1260adb98b5e50c21a56520436

SHA512
4ac5c17d42fcf25f53005cba3403e1c29a164416472125d47f97991e3befeaa5171af9681d48522d233fd0744a2076fd9c0817641649c4876789f777ce635ba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7789c50a5d9f6c3455213ef7d9745aa4

SHA1
6120d3d506dad6bf69bad966d378f44430b1143b

SHA256
4ed4050d26c6d247a1e7e76b1abf3578bff930da2591f1fc16d2d84ddc7f5019

SHA512
cf81cd6ea84551146d99d00671e7a3e97a578a961007a573722f799330f3d997a78e07507ab4e56576244fed967f01efe8a06b9e144b0b5d2988f5fd2aa38a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d3277ccfc599aac55cf93d52a9bba25

SHA1
b9ff343c1c6dd3c76ba2df39675c4d5cce936b4b

SHA256
1f56d89809b82f0bded113e335271cc0c3db351e1c142086aca96f3603c229e2

SHA512
d5590a74a9ebbf2035cdf412f3aa8aecb6bd7ed9f78deeda59e64167bc0fedb32f31fe818913967946f753c95cc7c11ecaa59827b54ec2dd706ee29e95161093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c6a85a28c5cd718eec802c27e706cdb

SHA1
0147f063369aa424b1af69049cacc02ed6fcdd59

SHA256
b6a643b35ffda8c949e804c8be4b2ce7e3b736587f82d437a0bf4be10a1ce34b

SHA512
3017d566d52982ac3fc24fd8ac8d9237dc7e0daf6fc20b31e8b3bde1495e1b0b9b238700e02f7a43c6179544f8d4b2bf2a1c7da8c9160cc191d16bbf2091b7e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a67e5d1e2577d2280710a33b364429d

SHA1
a2f2eaba38a5b28ffce70f27317184b1dbaea628

SHA256
eefb040fb02fab2a67e4aab6faaff67549ad2dfd800a4ae989096b096ae0d858

SHA512
315999f25fe0192637b956fd700cc502689888ca7c2f8f6a8d88ce88d613b59b3d48ee4cebe5c4fbabcf56731fdd3c37f3f130cb4f9143f5fdfe1a58ce8ca00a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fca8e56f02cddf0a79f5d128cb7cabdf

SHA1
606ec41e1545ff332eb3f1cb5765108d10f1f581

SHA256
499660b210129eca18370e33dc275eb07b9754e4143e69a1286c81cb084f0c4f

SHA512
74f714d62ea7d8b5f0580962a0495c4555d33ca3262f942dac54d3068852b6226f7ed4be79fc5d1ac02c5df2a3ffe5b49a32b94f6a9c3bb0fe3fae5b4a2a458e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
f695396b203600eedda4a0e0b0074071

SHA1
d6c894565e5503d4a87d307f1ca80a01bbd638fe

SHA256
848035e060d990c6ded1bbfadc0cc5bb647e79ce234274ae838fce970e414f45

SHA512
60a057f54d99db716f25ff52bff2e77fbb6d70c1802517e9757c2add2dd80a90041f21f6df6afdb0fb50575cc15d93be52a2bac243525789725a33c73fadeb88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
2abb645aa9eebb4c3158cfc46f77dbe2

SHA1
471736ed4e1c3c0387444836e69ae9a3e3c16f55

SHA256
ebe2dcfa25133bebfd8d7743677e275de8f8ba22fc0bef53b0aec9a20402c643

SHA512
dffbe503a2c4623465a516e446c27549e83b31a26860959743a48ef28703953690ee2858c293164d2b41edc427163d70f713a03aad8d986f823c3e3cbc581d0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9dc60aef38e7832217e7fa02d6f0d9f6

SHA1
4f8539dc7d5739b36fe976a932338f459d066db6

SHA256
8a0ee0b6fafabb256571b691c2faf77c7244945faa749c72124d5eb43a197a32

SHA512
18371541811910992c2b84a8eae7e997e8627640bdb60b9e82751389e50931db9b3e206d31f4d9d2dc3ca25ea3a82c0be413ecb0ef3ac227a14e54f406eaa7e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ac03b15b68af2d5cb5c8063057cc83e

SHA1
9b2d4db737f57322ff5c4bbddd765b3177f930ab

SHA256
b90d7596301470b389842eecb46bd3a8e614260b0d374d5c35a36afb9c71a700

SHA512
a5e9f40dd9040803046b0218fab6b058d49e5e2a3ada315e161fe9fc80ebb8d6d4442ccc1c98d19e561fc7c61bcf43d662fe2231cacacb447876a2113c2e3732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
445cda2efc3a5ffb7d1e05cc3c195b3f

SHA1
37d50a61ed3ec1a793a45d0e74e56148817ebfca

SHA256
42c3e0d4e53f04eab82c8ebcdc17f360513523d4db02ede482dbb3346f244058

SHA512
83372878b6e510dbc7d17be2a2ec61c4d13cc0a790d9c937fbe096f7066a2132dc66e5f4d00fd55a62cdda888571fc07ed5f0425885b7ae0ed03a3cd2c3b7815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28fe816e4e4a55f0d4a93b1c59f4ac0f

SHA1
8899859f8d27c53e117c3c1f160ce05021fa192f

SHA256
d84f35ba130a67f058c7790982583f4fa78d4e4bf233e9b6bb1903f0042448b4

SHA512
4efe2a9208e203b8267f6e42464b3ba10bab501944779070fa0b0d260243009db9ee8382e488837fd213ae58eac0944ef62e1e5c2b68e10cbff066eecfadbd78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af7a2cba23d28c9cb7a1dabe4875c539

SHA1
c676587bbd513db3baea7b7208af12b0449ee03d

SHA256
77c90ff21923621e78698fe3459016e096f05e0307e16265b88565374ef467c5

SHA512
7e25e74be9ace30a2f6dfdc9d33f44ccd5ea46a4f5d3e23afc8ff6ada740f1fb5891b12af5bcb618204ba7489f978895aedf4469a1274edc5f5415ef5bbe168b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
e5a578234c47705127f67c440b6ae97a

SHA1
2920b692991d5f7be37fb68b52e6f5a3a3c7e0f6

SHA256
e5c22380fd983f5ceac5e066348b4f31bce54b8c2a8094be4dd2e9d8b5c77c46

SHA512
748ed72544a22fdfcda91a2691b2aed214354c4409bb2baa51f512ec03d0eaace10a54866051a28c75e030668adf4f45a9ead21869f35993558f8924bf29db3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c95e1c32229fd32798b3fc521874a8ba

SHA1
8a3e79f6af17f8fd22811b6673af6747d1903baf

SHA256
f22e2c7a3297227dfa33c3fdc97634d85cd1fefd86aeb91709db8b9153f6a8d7

SHA512
848fc681ec2616e392960798e79f578c8d978e1918f8bc179b2c78212d5e013b337e6a578b86264227b58968ac7bd0f672d7b12461454f5cfe73a8242cb301f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/2436-181-0x000001C8FB340000-0x000001C8FB341000-memory.dmp

Filesize
4KB

Download
memory/2436-180-0x000001C8FB340000-0x000001C8FB341000-memory.dmp

Filesize
4KB

Download
memory/2436-182-0x000001C8FB340000-0x000001C8FB341000-memory.dmp

Filesize
4KB

Download
memory/2436-183-0x000001C8FB340000-0x000001C8FB341000-memory.dmp

Filesize
4KB

Download
memory/2436-184-0x000001C8FB340000-0x000001C8FB341000-memory.dmp

Filesize
4KB

Download
memory/2436-185-0x000001C8FB340000-0x000001C8FB341000-memory.dmp

Filesize
4KB

Download
memory/2436-186-0x000001C8FB340000-0x000001C8FB341000-memory.dmp

Filesize
4KB

Download
memory/2436-176-0x000001C8FB340000-0x000001C8FB341000-memory.dmp

Filesize
4KB

Download
memory/2436-175-0x000001C8FB340000-0x000001C8FB341000-memory.dmp

Filesize
4KB

Download
memory/2436-174-0x000001C8FB340000-0x000001C8FB341000-memory.dmp

Filesize
4KB

Download