0f949bcc2b6eee21800264fc2a73689349336daee566cb773789e980f89ac6e9

Resubmissions

10/05/2024, 01:20

240510-bp7prsad6y 3

01/05/2024, 06:37

240501-hdggrscc88 5

Analysis

max time kernel
300s
max time network
282s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

65KB
MD5

50c2351d515f9ea10496e4e33401bd2f
SHA1

a3df57bc9e85e38bf8129e2a03695dd092935b97
SHA256

0f949bcc2b6eee21800264fc2a73689349336daee566cb773789e980f89ac6e9
SHA512

01fcedc03cae4b65f13914c9a7c03f3ddae216c555a6b7208cddefb99de1980377f491ea24f43b58f2d9fa8055f3adafce8cc19f3b05a6e3963b5b58ba86f42f
SSDEEP

1536:rMk9GBiBcun7XvtVWlPwoAbNQvmG1+DwwQNmKaXhjz:rMk9GApn7ywoAY+i9K3

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597778119606387"	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4664	file.exe
4664	file.exe
4664	file.exe
4664	file.exe
4664	file.exe
4664	file.exe
4484	msedge.exe
4484	msedge.exe
1100	msedge.exe
1100	msedge.exe
4104	chrome.exe
4104	chrome.exe
5924	identity_helper.exe
5924	identity_helper.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
4736	chrome.exe
4736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4664	file.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 4104	4664	file.exe	85
PID 4664 wrote to memory of 4104	4664	file.exe	85
PID 4104 wrote to memory of 2164	4104	chrome.exe	86
PID 4104 wrote to memory of 2164	4104	chrome.exe	86
PID 4664 wrote to memory of 1100	4664	file.exe	87
PID 4664 wrote to memory of 1100	4664	file.exe	87
PID 1100 wrote to memory of 1028	1100	msedge.exe	88
PID 1100 wrote to memory of 1028	1100	msedge.exe	88
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4592	1100	msedge.exe	93
PID 1100 wrote to memory of 4484	1100	msedge.exe	94
PID 1100 wrote to memory of 4484	1100	msedge.exe	94
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95
PID 1100 wrote to memory of 4880	1100	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\Admin\AppData\Local\Temp\Extension"
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4104
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfc66ab58,0x7ffcfc66ab68,0x7ffcfc66ab78
    3⤵
    PID:2164
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:2
    3⤵
    PID:2384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:8
    3⤵
    PID:2380
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:8
    3⤵
    PID:2552
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:1
    3⤵
    PID:2700
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:1
    3⤵
    PID:4684
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:1
    3⤵
    PID:1756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4516 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:1
    3⤵
    PID:2144
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:8
    3⤵
    PID:228
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:8
    3⤵
    PID:4748
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4392 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4736
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2648 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:8
    3⤵
    PID:5628
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:8
    3⤵
    PID:1112
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1912,i,13586694812982466677,16574110760271937689,131072 /prefetch:8
    3⤵
    PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --load-extension="C:\Users\Admin\AppData\Local\Temp\Extension"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfc5146f8,0x7ffcfc514708,0x7ffcfc514718
    3⤵
    PID:1028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
    3⤵
    PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:1348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:4224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
    3⤵
    PID:1672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
    3⤵
    PID:5212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    3⤵
    PID:5244
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:8
    3⤵
    PID:5772
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
    3⤵
    PID:5932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
    3⤵
    PID:5940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
    3⤵
    PID:1560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5292666419465790638,11400114160994391088,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

Filesize
2KB

MD5
2c6e04df8c26234013130cd3c7912ee2

SHA1
8e14d088346a76fb89b9734cc2c912cc8f6211b1

SHA256
15be58877f7f8f6ed8ef709eddac6222d80580869b7348d9a1b19d88568f1553

SHA512
fa6917443d70170ae4ead2ad5ca74f54266ebbcca56019541252cc4d70cb4c755f92f10198a2cdb5c3b2bb2080081824f9ce282b8a87c3ebcfdeab794e4bad4e

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

Filesize
2KB

MD5
5bea04fc57088ab3309c5c40f581302b

SHA1
42b886ad4ccbc36e5da4d6528a32adcfc489dad7

SHA256
8fce1b5676fe3b2f2c3ea09666699318116c4cd3502d969d56a6af65b8948af5

SHA512
8b1619e39f997b1da545b1940fa45a8fa97d3b15857d97364557ba46ec807562bb53ff51c713b0c364a8d272060b8cc1eee4c1a9a50881cc73fdd4a9294f96f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8dc48ca52300dd456bb388468d603b5c

SHA1
cb755f9ec0dec9b5272ea224a7a01ea52a959bc9

SHA256
61643566edd8a021342b63ba13e8355b74cbdb685b814de5b1aab03d1ca4818c

SHA512
7ebc31d0fbc0ea1ccfe10e3254485f5641eb0cb04ec2ce0287736aeb19da19a9b06b953cbe29bc238bf619834363394ab2d2ec071c21ae0ed7b5dc3276296a17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ef404a76d1c4e88d7ba813e2c2151039

SHA1
4d1d3aee9ad2c74b359091ead109801269772f79

SHA256
9462e45a8832f1d0fbb5343279e8fea158bdf1d543a141c8ffe3e307bec0549e

SHA512
9932da069fcb64e2f4bb26942cb6102190b7264a9fbe24f99a9128c58022ffd08da996e682fd0adfd44dfe3e191afe57b77ed2f4dfffd88c897395434b28e087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7738892bfb2482c064a24a906361a437

SHA1
dda76c8f52c7002e82ee1e64ea4df8c06fbba44c

SHA256
2cae5914ed712c2993e667426fbb9e1e70621ab8eab9acf052855688ef9e3aeb

SHA512
ee4b0b512e2b930a68b7de1716e71cf1803e643f56a70c18560170396686ffc44a3335d0b4587cac13d02b9dab4f6596214bd9d220d05ac0ec0c1c64881a81f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0f13dd86e21715efcb4353d5227adaac

SHA1
3dca955cde9921ffa5bfd0a5ac013bd52564f0f1

SHA256
f970d99e70e9c890b971110046c7c74bc51aaebfd285a131c1a1d14d1077f335

SHA512
14e3a2d7070496f0c755be1193410728c50cedeef6ff16c3a9e405e498abdce345b82b485219abd25e3127ebf1425a7ce16bc7eecfa2b52c5a9698623608885b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
88a2e6b35abcb4c6ac870a4d9d14a51c

SHA1
59873210932620c7d8bddca246be9fb3ace3726b

SHA256
8c9adc70125cc9acf2230aaf6ffddc7bc013905c0e0d283f90751122ace13307

SHA512
7f7c35fb2b12b3be71b09ba0fe55745e4e34ea4c1a21d5576567951cd7d30652edf98057219abe381f3e61442ccd51d9673cffedb923ed27cdd186b9d308830f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
17KB

MD5
e9827c8be19e785d44048267771b501a

SHA1
ddf651bbfee01aaed931b18dbb40b5af3714a704

SHA256
c38845f3528a465099b67db242fd51c8945d60a08ae8d317cfa3aa7f419bcb2b

SHA512
c84a934fdb0e7558261a14e37b933ae3073726b943c5ceb462b9e94046bf7ca639c274cbe7d01afeedaa9ae19c440ed8e258883a59f6b045e2bbe84ee6b71898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
17KB

MD5
2efe372a08a94f247ab6472a0a440e2f

SHA1
e12921108add438177c399013d24874e0a2c714a

SHA256
9b94574cd7c398a5386b338297caf34ca804cf8692ffc1c45b59d0ceb59aff35

SHA512
ee95b7a9c0030a7c3b0fd27c965003507ffcb7b7d3b9fa8ec351cb20fafeac4e79aa51d4759df9edc7116873ca924fa89721ca32a682e2f7500554b7af0dae35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
40652a9823fcfe3235f32ceca8ed05cf

SHA1
3240d701a192c118777a0bec09a27455ce926cd3

SHA256
6321482dbf705e4692e18fe7f4915bfd29fe67a0e26fb326959d4de55ad9567e

SHA512
aed439922132fde8e5663df6c25bd663ed7e4dbfdc71b9e6e7f3f3a9dc6dec252032a517a8d319ae7917eab6467f64fe3b750922eb361d5267c44bda2c0ff2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c62e.TMP

Filesize
72B

MD5
6fdeda4b6ec6643f3429babcfba25c70

SHA1
d927ebb8c3ac5d8fe111c9e789fb0fe748a86d86

SHA256
254a687c8c3796a797231eefbd7e9cd2f5bf7f4987e7b67efad12d5fd1bf20c8

SHA512
b58a0e173ad43f903f042e5bdf1c36fb82a25344758282afdc4029ea1a55f14b68786352d461087e0237fae7861fe382a97ebac11e767267a7e3f1cab49a57b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
8abcad6b63f2db8cb9d58460b3c888cb

SHA1
04bad6979d490dcd4d7d04cdd97ba1e680a4d04c

SHA256
d48d1716210ca8d723a29d21d96fb5144c836134bccccc33d1bb66175ee06c9d

SHA512
8ea6cd55d99ab33b5abda17e959f6c34707f7ce09016d7f207eb46b4578c0b432d47060511426e43190147cb6de2d1a975551d227b5612ea6cc16b24336ff756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
13f56c2deef33b515eabb370f534bc5d

SHA1
c1a5c98a60b77969bdff1e6c48655b65c28b20e5

SHA256
17210286b175b6bea3726ff094569c37209ee65666c3384d54977a7a0ee3135a

SHA512
292b95b7b3d167f803bbc2c05d28f29d331e3b5c64a624c5883b74628674ca8a5240c96e7e3951b429ad9baeb884c7145da022cd49e666c6e351977cd70d77a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\55f9276c-6461-48e7-b481-d2bac171ad96.tmp

Filesize
6KB

MD5
9bd18189fb0618981597c35d46aaf792

SHA1
f6e559aee4906b1617176475068298f17e73087b

SHA256
100d3326fcf65f4bb788701b9a763e9bcf475a7750e0f6662cc1222c1bdfdc24

SHA512
e58182467be7bc7bd9c8dbbda8bed63cd856ecc10dafdc8e6d43467becb62eba8cde6b7d05443c371d6e6290875ef4a8ec133e5ad11dc343374f108e755a07fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
bfa26772dcf06d643f1232a6e9a8f0c4

SHA1
09d7e08e84cd38cf05bbfb38ba626ba4bf054f7a

SHA256
25a8062a127dc404ea644093c9bfc2c45d83e63a0deb444ecb8216a71d9dc969

SHA512
72920a28f581f5d67096d0ff2dcd69740bd9858d8eac717f0f96c2191f13414526dc4eb45dbf2506309c8cc6e7de28b3aadef5fcf7574f6777619354628dd172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
067f518bd5edc6d203a89028e60aa2f3

SHA1
1b81f51d838329ab5c48f9cdfb2668bbd82d1401

SHA256
9774ee20b22edf6424728c47130fe23ed17e660874a4013a5b6221ef21f963b4

SHA512
0f1c3cbdac3260ce7792201e3209a84562593a3aa373829d822eb748097ddc5f14064532c5f7f4850f61d8649e457511304d86ce5119a61e3b23f8b4ec48abff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
55c8c8c63cbf329bbf5afc14d9cca136

SHA1
8b116f43a5432032ac7f1c7e924b1c7375557266

SHA256
acc0ca49a3c5d39c2af860a5550cf4f87a6a5da43472c3297d86ef621c611827

SHA512
8e487239874caf5c3657db9605051f76d83834de625d753347fdd5bed5765d43b4036f582e44477a0297ddabc09769caf39258851930e75817a8908482b76f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
26052127e32eb71cb19db01f137b7898

SHA1
c90fe5555d893b4f1a164978a98b3d48ff1f29a8

SHA256
bb6ef8044477bfe5933f0f395ae78bf5319357f27f5b66b152cc8bfcd3c22e4a

SHA512
6419d44d1edeae54d6abc3a7549c020d3b090de61a8bf26fb1eaf0c72122c3b8326882b1c0538ca33421fe78157415b89b5bd1ebbadf3c61f94eb35abf256f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c61f.TMP

Filesize
72B

MD5
72e88a326f71230ab5464a58ad3e5d45

SHA1
7d9334caec642b1524db2b9d93c1e05f3a400f4b

SHA256
037b5816b9eca48ac7299c70a176caaac0733e083dc0555824e5f4b15532383e

SHA512
64a01ba3f268d097a00727e1f8b6e583c744514c99b3885c6ac021eae8e506646a98538a0855e92d79688c580bcfe0d670bd213ace440e2babdcc5eac32b9861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f9222b2c4bc76743e640fbc6fb56a1f8

SHA1
c4d11bcdacebc117e463c774e50cfd8139e866d9

SHA256
ccd45e944575d5e306b16bfbeaeed6675ea1b78cf059258b224bd0af4436310a

SHA512
54b5ce0d41449caeb3c2e4e85165099b8dcb9a28e6923ea98b3e547f2c0518578e5866e79ebd57555da2f6b4c7980da96a2923178d0ad122a612be582ec5d6a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Extension\background.js

Filesize
7KB

MD5
be34e6301e9cbf4b596fd98bc2aeae0b

SHA1
67e6ef115b39f10c5f9e4f6a967cbafbc1e55c76

SHA256
13f1a9b2d009e0f93f13f4e04eb98416419f5ada38ad5f0f356287a4d9a0f329

SHA512
c10c25fe0b4c94a188c987e910a0a5bbf58bf8b57bc7104aa68f22dc6cf2517c72b0c6aafcdd3124775b156e85e9bdbeb58ab8c5162aa65ccb68d22dbfe4f9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Extension\js\content.js

Filesize
1KB

MD5
9ab0f9320495b406fddb6de1730652cc

SHA1
a6d35a74dc53289794c9a05dc1ad8c03878e153a

SHA256
ab913781705a8841f3c3973af4cfeb14c7ed9919a08ff810b920dca17d69cbd1

SHA512
c527057c8af9cb4a55a71ff5a8010706119fd19b5c354dae046cd498f350c422b10578a3e3c2423e385c81d76d3ece3b057c5f02f8c7b76769e18c5e2aa023fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Extension\manifest.json

Filesize
842B

MD5
afedc050f75b487069f57b36d197cf71

SHA1
d0bf864b9bb9fb774d34a8fd39e4c6badfaf32a6

SHA256
a88c0260db2a3d8a21beb7964cd3ba5697399bf96e94c8cbc4258f55cd9cc02b

SHA512
474a66f12ce4f2380e25658e1048393c2d8a290b749210c79619c0a6d9aed2ec9a212bd58ff9db9c6b198e3533dba748395e9d347b850edfaba890030b847d27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

Filesize
2KB

MD5
2fa7e45e4f736a59f47e5c9dd1b5ebb9

SHA1
c09b610b98446bf37e59f7a7f99d651c3318b325

SHA256
f5604eb339689c525fbb7e115e92c2e34bfb9fddbfb39677f4bab9dff10de9a2

SHA512
b946a0fb6bad2e343af8239de67a452de78c02367d4a22df5c4c2a2897fab76a4be99b7d7042efbcdd50d1f4e98681684bbc2dba00ebeb2f4640d6f8d5fa75fe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
4ef051e765d61ac1e2708e087d09b7e9

SHA1
532729ed8496caaee9cfd327d8ec1b539afd6ba9

SHA256
70eb764bb311ba14d4dc430025923ed867da5b9c4aba6097c853e172033bdba9

SHA512
d03cd93791919d89bb01d6077ba45e661b4b756a2fb6e5297e11d5ef3f57fa7bc0ad64037e9cc074ac3783e4fe0f447165b5df851e1cfb33b7177491c20a8741

Download Submit
memory/4664-15-0x000001E77A940000-0x000001E77A9B6000-memory.dmp

Filesize
472KB

Download
memory/4664-0-0x000001E7782D0000-0x000001E7782E4000-memory.dmp

Filesize
80KB

Download
memory/4664-6-0x00007FFCFFC70000-0x00007FFD00731000-memory.dmp

Filesize
10.8MB

Download
memory/4664-84-0x00007FFCFFC70000-0x00007FFD00731000-memory.dmp

Filesize
10.8MB

Download
memory/4664-4-0x000001E77A760000-0x000001E77A772000-memory.dmp

Filesize
72KB

Download
memory/4664-5-0x000001E77A010000-0x000001E77A01A000-memory.dmp

Filesize
40KB

Download
memory/4664-3-0x000001E778730000-0x000001E77873A000-memory.dmp

Filesize
40KB

Download
memory/4664-18-0x00007FFCFFC70000-0x00007FFD00731000-memory.dmp

Filesize
10.8MB

Download
memory/4664-17-0x00007FFCFFC70000-0x00007FFD00731000-memory.dmp

Filesize
10.8MB

Download
memory/4664-16-0x000001E77A900000-0x000001E77A91E000-memory.dmp

Filesize
120KB

Download
memory/4664-2-0x00007FFCFFC70000-0x00007FFD00731000-memory.dmp

Filesize
10.8MB

Download
memory/4664-1-0x00007FFCFFC73000-0x00007FFCFFC75000-memory.dmp

Filesize
8KB

Download