discordrat | 574ecf23ff525eb558619e23ceedd487d51bfc740e7309d2d33f640c2bdc3c93

Analysis

max time kernel
962s
max time network
967s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
11-05-2024 07:44

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

61131f2f21913b8bb7541cee380dbe2e
SHA1

f5deb3506f57ffffcf6f9a89138bf43dd357354f
SHA256

574ecf23ff525eb558619e23ceedd487d51bfc740e7309d2d33f640c2bdc3c93
SHA512

bce15457dc1e71ac04ae93b03ab1623bdcf9af66df64addc35d227ea181dbc99a0a71e160256abcb6426f4950d0a073ec80a37143389f443d9eaf338551bfaef
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+CPIC:5Zv5PDwbjNrmAE+uIC

Score

10^/10

discordrat persistence ransomware rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIzODc1NzE3NzMyNjU3MTYyMg.GuA-3-.g9QiCW1B45EpLzzB6J_2LKI2RFzAtkJhJQ1liQ
server_id
1238756667693338624

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 34 IoCs

Web Service

T1102

flow	ioc
17	discord.com
19	discord.com
11	discord.com
13	discord.com
86	discord.com
93	discord.com
94	discord.com
82	discord.com
85	discord.com
120	discord.com
10	discord.com
15	discord.com
16	discord.com
97	discord.com
1	discord.com
14	discord.com
36	discord.com
90	discord.com
98	discord.com
9	raw.githubusercontent.com
80	discord.com
88	discord.com
119	discord.com
121	discord.com
3	raw.githubusercontent.com
3	discord.com
6	discord.com
92	discord.com
95	discord.com
4	discord.com
18	discord.com
84	discord.com
96	discord.com
116	discord.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp1C26.tmp.png"	Client-built.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpC4DA.tmp.png"	Client-built.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
1496	SCHTASKS.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598879690482118"	chrome.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
2996	msedge.exe
2996	msedge.exe
2420	identity_helper.exe
2420	identity_helper.exe
2252	msedge.exe
2252	msedge.exe
888	chrome.exe
888	chrome.exe
1584	msedge.exe
1584	msedge.exe
2544	msedge.exe
2544	msedge.exe
1480	msedge.exe
1480	msedge.exe
1280	identity_helper.exe
1280	identity_helper.exe
3920	msedge.exe
3552	Client-built.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeDebugPrivilege	3552	Client-built.exe
Token: 33	2472	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2472	AUDIODG.EXE
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	3552	Client-built.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3552	Client-built.exe
3552	Client-built.exe
3552	Client-built.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 2996	3552	Client-built.exe	82
PID 3552 wrote to memory of 2996	3552	Client-built.exe	82
PID 2996 wrote to memory of 1048	2996	msedge.exe	83
PID 2996 wrote to memory of 1048	2996	msedge.exe	83
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4896	2996	msedge.exe	84
PID 2996 wrote to memory of 4496	2996	msedge.exe	85
PID 2996 wrote to memory of 4496	2996	msedge.exe	85
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87
PID 2996 wrote to memory of 4492	2996	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Sets desktop wallpaper using registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtu.be/WePNs-G7puA
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe10ca3cb8,0x7ffe10ca3cc8,0x7ffe10ca3cd8
    3⤵
    PID:1048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
    3⤵
    PID:4896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
    3⤵
    PID:4492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:2188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:4904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
    3⤵
    PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
    3⤵
    PID:200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3848 /prefetch:8
    3⤵
    PID:2888
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
    3⤵
    PID:724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
    3⤵
    PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
    3⤵
    PID:3720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
    3⤵
    PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
    3⤵
    PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13926520250807512855,17049866606440193873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
    3⤵
    PID:2252
- C:\Windows\SYSTEM32\SCHTASKS.exe
  "SCHTASKS.exe" /create /tn "$77Client-built.exe" /tr "'C:\Users\Admin\AppData\Local\Temp\Client-built.exe'" /sc onlogon /rl HIGHEST
  2⤵
  - Creates scheduled task(s)
  PID:1496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004C4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4600

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdfb7aab58,0x7ffdfb7aab68,0x7ffdfb7aab78
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1824,i,6592082312222812446,7802970811765047694,131072 /prefetch:2
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1824,i,6592082312222812446,7802970811765047694,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1824,i,6592082312222812446,7802970811765047694,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1824,i,6592082312222812446,7802970811765047694,131072 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1824,i,6592082312222812446,7802970811765047694,131072 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1824,i,6592082312222812446,7802970811765047694,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1824,i,6592082312222812446,7802970811765047694,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1824,i,6592082312222812446,7802970811765047694,131072 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1824,i,6592082312222812446,7802970811765047694,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1824,i,6592082312222812446,7802970811765047694,131072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1824,i,6592082312222812446,7802970811765047694,131072 /prefetch:8
  2⤵
  PID:4616

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffe10ca3cb8,0x7ffe10ca3cc8,0x7ffe10ca3cd8
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,6210266898290620700,3890055452138039322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:2320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ead5c087a5cd37cf96fb91dd97010b34

SHA1
a1a3781e6d0e557d7dd801ede3531f942d6ff43e

SHA256
080455fa151901ded3c2d819afc7efb222c495f99bb2fa2589c9b0c0010e4513

SHA512
ca3d43b1f80cbb00b8fa8905dac5f9014b3975d3fe726dc2ed57050d46f5fb225e3233cea7184063e89a2fda50e08e758fed5c6c5122d115a20b77df001bc4b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5daf8362e9efe5bbb3ef8b3545eb4466

SHA1
e9d983edecb4c2a705f109eee02f7b6e05665c70

SHA256
0d8be2e4209f8c3dbc3d7d16cc8e1c4b615ea0dd4ce105c3b4f1b95abffdc5bc

SHA512
d41b316fa4a0289e88fbfd7b3626cbcb14073024e747a74f4ad78b0aa04f25798ab9d898af68e492bae794fffeee4063b5353bc619a938b29efa2d7db0744938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fb953ed140d67272bb889c8c70c6de16

SHA1
73ba8bcc2d5b816e9f131352840072a85fd92d50

SHA256
c59e1fec9e21ce6118467bab7d78bb14eae790a9d2092ae7ea82f54f57b91e50

SHA512
ca40ad690430c7576590828514bdf358bbea59970ab42e498b5f427b0b174c88b95dbe4f7f93d2528d205f6cb65a18476df8bef95ac99ba17f201f5b321e01f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
faa4113843dbaf9b975a400192da2180

SHA1
af8bedb3e6df3ad20e043d5f9455bbd5d8232c34

SHA256
4408870276a3015113ef20fc3fecf4369957204c189eb1d964af71448cb295e5

SHA512
15890507d4838bb0ab6b2c1ac0da384669b328f4c0e17ab7215fa697d40f5617b5380141a9b1dadcaa8205590977d442c259a9dc5da723116c18c0a6f7922670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
446ab3effb17db5c8fd3debff9c48a85

SHA1
8f731a9f60e9e2fd7fb8f04ba8f00fa5503923bf

SHA256
09ab318644e51958131cc262392c3086f0a9e100b49656178d4e3008a542e755

SHA512
7551bb0e7bcaed305fefcd98eca07d4a48b465da2bce1eeb8dddc38fbb56943a18a3c7db2f39e4f5c923f7b246886e94b0620572385a266d0b31883b38c32fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c5042350ee7871ccbfdc856bde96f3f

SHA1
90222f176bc96ec17d1bdad2d31bc994c000900c

SHA256
b8b1cb139d4d19a85adce0152fa3c4f6adfb73a322d7253820e848c6f82afc1b

SHA512
2efdb535fa6a06c4f9702b2129f2dd07c330e37fd10b492f2236007c660c1707773c22005d1e1fa580dbf633dc1a700ada3b7b611ef9accd9555a17a244f61ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e027def9b55f3d49cde9fb82beba238

SHA1
64baabd8454c210162cbc3a90d6a2daaf87d856a

SHA256
9816e980b04f1fe7efaa4b9c83ff6a0fdd485ee65a884c001b43a0cad7c39d83

SHA512
a315e1336c5ec70cbb002969e539068ba92f3ec681b6d863db95227fd1808a778fd994e2fb03f28f0e401677aa5f7c66813e315b6b99a5065384c49586f9782e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ac2f54a7f807332724cab531a0d5ae49

SHA1
798ba0657bb605b54e932e51429c88fa2da3ed25

SHA256
091765b2683cf149861e7756651ed59efb4e28d61d8a8b8cdff6003561c8106b

SHA512
325b2a62c86c34e34965bdb6ad75e1b0caaf96fba563ce5bdc2fef94360919f2ed7d9a2c4b8cc06fc579a62ea3f11a4bafc53e580e08f58838cdb91166d957f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
07b798b962748b01d76a032400a32407

SHA1
0fa1ead06e815d663f35221acacf6988e869ff53

SHA256
adaa88014bc0617f759d8aaa0b12675b5d65c912c8bec5543f30b9c54d31d8fc

SHA512
8c355e67260717b4afd4f6f8d2e64fcec9cd6e1c89fbb857191ca58cb34753a5eac845b6a06f0d1e74540f1c4373b66006e4f123acdc902d2eb58cc660c43f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7eedcf55-74ff-4eee-b944-95b9c5c23236.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9573079aabff8bd60108d067fdda9614

SHA1
beba567b1fb9c60204a2fec79bc3c76e3d128a20

SHA256
4a1de0fe10663fc5e1825c42092274c9183ab5039272fc64bf3eeb62f4eb5df2

SHA512
252375ded75a586be680d6b89071c438ab4870bb41c2f2d2c0960d12b4e9e2781d1cceb0ac38626a67b05d4fad89f820342b29c249d9290e777045bb701334c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
c60d01e57f745ad8cee04c19f38daafe

SHA1
f356081bad1f4b3a0a8803499995e76cec67439e

SHA256
566a039494c51f6db3d661fe31f3b8c7d6ea617899c4d4d56bdf50e408cf38ae

SHA512
837adb7a5786abeb7807e8938b9c1b003e893ea85a41d064989f6c72d7b0aafc99733af51292d1c42438db131864fa4d80a262ed66aae77a81fce8d115e79cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
b1bfff9a18294a6fde29a33db5dfc609

SHA1
bca32e46248dce629bfe8feb9fec9c2ac996dbb1

SHA256
dcbaf106c356cce2b54af4eacdf661dae1dce89c757647b431e95242c71f74fb

SHA512
3b865255121dd4721f506ef2a613be7c1f60828bb675077a1db7dae5736e83ab7b5f007049944960638407e00ec623687215cb126f91c2a699232201afbb8b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
94fc64f3202c09880aff8ca4909489ce

SHA1
7e36fbcb40f4b9f66a1952c8fc320681bab736a8

SHA256
0285e27ec4c754b095b5f40d57a002dded91689b5edf9bb3ffa3d7869330fe96

SHA512
c306989115de0ba63f1c8ac000160bcabaeb474a24f41e571557089fcb4ed024afc0a79c167de85b1aa5a7666b707703b7111287f5ff630e9de0137071b0c750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
0ce9343a88553e05f639ac2112bcd284

SHA1
64e0a8c067234546a26295d26918608297571c4b

SHA256
5970c2a6186d80db508ca59f5b198c3e34c7a3dc9771e4c9b0b8c3a83a60b5fc

SHA512
64dad00438d4389400aa3975e938c59782320472b2933ec5c921219fd4eff2662b37d719f73a1a0316ee8904595331854bfcbebc6f6aacbb2f63d3137f55b8a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
74367ae0ba9422b0f8d1b4287b5940de

SHA1
40b753d294b2d2e1b9372922f03d6c963bba2ee4

SHA256
d928bc5d8c2a481d9e0a7f3b5dc9839357f12330c1e98355866de142dbb972d2

SHA512
6df56aa4afffbf00c93ee80c9ab09df245a01107c699cd1e3b9d12982e48b9dfb2f29972718825acb8d2811db212571e8aecb8ccdf8e78cc1ae7ffab444f3303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
2518968c203f7f4b5fe9095f62a8ef09

SHA1
3e1aec30af4fa79f38a864b253be636bed51f5e7

SHA256
7aeb10d1ed6018b7318d32e0b526a29313d47d474cf7ed7794ebd0b92266638f

SHA512
182a8fa838889f3e0a436cbc4477b42ad8d697e70746e0df0052b7599f557a091e4dc0268898dc7d9b94a89fd5f983ab9e83b8b4e807db4849598b7f3209556a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
65e64bb578c9b65f39ff04ee9c97d569

SHA1
8208659b58df08d4d765e725a472037624c9e143

SHA256
421e50713690bcc55e90e8f5703ee9836cb500d75e9ab615b649b111360011f0

SHA512
70675880799378d03fbd756e845d0d6ca83f1e85ce77164466c7b4fab6061af800e57607256a5d107df87120e6286109723a1ad2463d9252fcb3199430a75296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
9a70e18250afdfdd0bf2e53c4123056a

SHA1
02d0d43e4bdbedcca890208b3f2f1c4887380df6

SHA256
f298d25b4ce09721304a21a0e47b8f204ce0e30703c93e2654da145978021e37

SHA512
2046b74aa90866605145aedf4a9b6cd2f750245d130d189fa9f3294e43ed652f7619d44cb72d5a57cebcbb931dc25c0569ddf2da08c926cd19d28b388f4cfa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Media History

Filesize
76KB

MD5
373112d719e463ad161de3149182fe64

SHA1
c0c3baad524b26cbff91ab1ef11261bd18d4238a

SHA256
a6df3c3643a5dc46384a8140f7a862f5e88f60cefd3f7d0c323b63d561e4ebfd

SHA512
53bd08bbfe0037203ee455e13127f21a826acbd0855ca5e24208e40fb9b434a022f3768b92fff7b842c103dcd33caffcf277039afc53c306456775d39c60bb1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
75f771765357d7e1ef2c78e129172d37

SHA1
9b37c2992b83d069828609fb2867dd64661bcd49

SHA256
77df0521066c9a1220545c491b8f2d5ebdd2114b3b4535014b44055feec0046a

SHA512
b6fb460c8024ee908cfd844286aeb040325b0c4164e7dbbdca338f281f1053a4664043f836d9f2328ad3ddc4f64c2808ed1c0a01b921f6c902ed069e014e1bf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
eff3ba98e058dda24d3cdc64545bdf52

SHA1
49ebbd5a6b1aa1864011b270329d6d4b63070730

SHA256
eec5df30b43f88ac85ba671fff41d6cffe485718401916dc10dc905adecad743

SHA512
66824bed6078506755283a4d4ac3775f669e854fdaff7351d1c332caa3876a241a63c5bb93846a97a6daa58fc97fa58add3784882ce7a049de8f060e10125aa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d4fbe3e1640054bf5a6608b56cbb4707

SHA1
723511889002aeac0eb3492ddef71a92b21aa879

SHA256
de3fb56f2b1f6a342bb4b19f78b72bc4e2e6fe212e708c6d9eb4b2c34c84ce43

SHA512
57f645b7d23b6a2a02fa6debcf0a6cd9a11cd8698b904e01ce5723effc49edf90bfde15dfb9b4a42e2bf7df0afe4563956d6e9e403e482af56b463f046e43e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1745128644710f46db8a48c79cb86e6b

SHA1
2b05beba81504102656a70fda3071eb1557faa49

SHA256
33191a35101b00c5063f3a0a17f37ef35e800510ec4263f3e10eaacf3289ad0a

SHA512
be0392347cc550bfbf2ed900bdec2be6cf4171227d666eda09f17f6a3b50adda617bd5bd0b1edbc843c492e9c1034bbf6adfdc76bfdd0584d4caa0c63cc6a0d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bc152f2d32deb467991c9f415be0d903

SHA1
19429ea31055dcde2be779ee297c7cdde25ffda0

SHA256
9da8dcd5082661cfb039e1df6b8c95298cb6a370fdb7a7148de83d5da4cf07b4

SHA512
ca3cca951120c24b1a6b489f897000724166c739e5e903042b912f79141c71f1bd80ba9cb0e6db5705502d50b80806f7e2673bcd935b945bb6193b7a80131fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b0cc771593f552b18ee7475b6f95d4a

SHA1
916486024ddc411b245d39772688d6c1a4c8062b

SHA256
5d42b07c7be3ba605cf6a5ecd95f20e4790858d8962a92e4e65f236451bc93c1

SHA512
a20cf1afbc06a8186befa1db0d0687fbba907e3dc167c017f1dd465281fee3d9e9c01ada5d1b0bbbb55c24e5438e8dd00e80d15519e1e84491e275eb25c33aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
90c8ffbcc642b7180d06459dbc51b186

SHA1
a322eae53d555d800913e534a16882bae9675ee6

SHA256
95d004169a9c1047e95d74a2a51f44541628b994601964f6f4e4be529540061e

SHA512
0a8fd60a629eed7f050e6140c3f939a04bc20430e21aa95f9703982d8f34e34babe837339ffa5c0a6266b90aae946f629339d1f1afba40b368f22f5a1194eb16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ae7ed79fa3ab07138f40f0ec7346d8b3

SHA1
3624fdcb081a0c2fd3c776802794921eb3c97712

SHA256
8817b5080bf6def2d46182ec22396ef6310088d60fae32942564d7716aa94ef5

SHA512
9e895ba9e66deb426ac648c2548001b5fcdd8921345e869b2a1ad50275cf7394f22f87405429cdb21e7b7995bd09e0e3faad197d428cbbda4267a5fd6c5de968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a1544054cc0bd13ec7e3b40b74002e68

SHA1
059c955cc52e9d2df403028a95953da89f260804

SHA256
1646dd835abbbf16b9a87d33cafb9a78c1be6f77710d3074da5beb0301e9d930

SHA512
e8db27dcb62fbf2e0827c15d73b0588c7bc037c7ccbdc51c651ce73f260138a8c29a0d72b817f6f9af14a84b8b047594a56c33b808a839ae47b82b1a75510b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
26KB

MD5
a753170379de3479a1bcff920f0189d0

SHA1
fff0d37fa9e0cedd2ebba64445f05228c60d9720

SHA256
deb750de4e60af6fb57ed01dc13bb78a94a787e2d4baf624ff0822b4250e5c82

SHA512
93e9d6352972524eb3b7f4733ac0d2493d00abe8e3a7f990687aae136fd4d10885127fab49dd824c1b599721648ab9c66dc136663806538addac649c4edfa96b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\201d59d2-3f8b-4695-908f-82db2b43bfa0\index-dir\the-real-index

Filesize
48B

MD5
47b86a9fb3e00e9f8362f70163b0c516

SHA1
28f5fa911f291e4a0d6cd1db6d1443b482154b71

SHA256
d2ea05d93ce27d3ff8fa5f03c4f5fce456f0b84278408adadb36cd1e92f83bda

SHA512
f6eb6da3f7b68fd87e1f3fdf4a36d57f60b1ff27693068a5f67e3fceefe0d7d48cd3235d07da0c1b7786472e3e8134a25cf3463c236e51ed5c12bc57c7159f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\201d59d2-3f8b-4695-908f-82db2b43bfa0\index-dir\the-real-index

Filesize
2KB

MD5
a9543cd4b45524012003b7bee3800ed6

SHA1
4dd47758a312d7e73a6403edc89f5ebadcb60d10

SHA256
c90817552b922ba7e032d75c6464445bad392468b50c123a29289dfd04071f0a

SHA512
88bd34a2e6d4a40fc1b6c18f0677f6161d233646d0913cc53b18e98271dd09cb67c4e42b3e6a26f31ed45a05736ef565d08c3e38ac8488afbd0f0d080987af23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bc759756-2b05-4b8b-90da-81dda2110d83\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c2c49638-c947-4070-8045-e8811c443bb2\index-dir\the-real-index

Filesize
624B

MD5
6ba452494d60b702b2f09fa6c75cf3ce

SHA1
df4781d71f813c3007e7a7f5b11d3a808871d751

SHA256
8f3cd2f877667e5821d00f05db378f867f3faba79c4abcd9dafdfd480ffd5374

SHA512
8064593d99123b246776541cf1b74bdf38e06eba938692d7669a2bb0f337ab1c3962388dcc3cac301e3722cbe762a2b66dec9efddf8e477af82b87c5a68c6107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c2c49638-c947-4070-8045-e8811c443bb2\index-dir\the-real-index~RFe5cba10.TMP

Filesize
48B

MD5
04ea4442d1c94246468bca33b5c89e7f

SHA1
2c2cba1fe0b737e6824a17538f06648ae4ff89f4

SHA256
60ae08bb559d4697da81161db858f54ea1ff2254315e4292eda6b9180fde6780

SHA512
9529cd85f4bd878bf4d936f9753a26d33b8aea25ef37c9de9c125d34ac84cdb58dcc7e8e780e0a7f185d827bbe4310685b9410d63339ddca86ee6a7364fa746c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
8a8c84b4b04d70084a0f1e3ea99591c8

SHA1
404a36ee6d753a3f614f71b1d65d20cd8f576bad

SHA256
274f163dcf8b33b3cb7dccb8fe20c92163b8cf1291869b0dba3b79411ef857ba

SHA512
6d3135d20ad70a4783c37f568f049036c49ab515e667e31baa85a40e7c72eee6887f5ceed249fd1867498326336aace1cae943ca1052d26d6d222cd34eb5835a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
fb986474e6e5256b3581719a4a979b29

SHA1
aef378eb544a891bd2e03fa9251be76634d5f713

SHA256
d8475d5d672a7517e9ad06433792c8d33340134e168d0050400710b6bf58f7a5

SHA512
6eb4f25567c248a743e920fbce78a456f17fc6c0aba9e490b0009f521e11f054d0ddf627c7e07ec6919decd7541d27291aa198bdd60dc8941c5bdf7e2cef88f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
a0fae053a614ca52863f095c56751313

SHA1
9625629e27fedf58e60233737585b77fa66c893f

SHA256
fc3525fb6d207257db45bf39049b5c068f8e9e415d40d32f56705a23bdb2535f

SHA512
d3f1ae063208cd6e22b26d8847e305de953dfa53e011225cb806ac957702e0d412811861d4ac597cbe5278c602fce33f0767fbb03d86761c30833d1605c8485d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
db521e3eb5e43d99a254e2d82e7b5b7f

SHA1
9422b5b0e0223c0addfa3a921553465bbbd418e4

SHA256
fb033266e5ce63a035419876177ef0dcec601a818d7621687ae1079d3f067d0a

SHA512
8412cde1376172f15582ff8cf45eafa02ff3d158d1372851699141abf794fa8144cd6d2595c8c9b3d22dd562330c7bf1a2a76af104b1ecda9808bbb5821e7abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
c07a7da5185ea41f246ee19dd44ae689

SHA1
68c11002941426593d8878d266603f3b080e97dc

SHA256
92300b752d2c8441c5ef6cfa89910d25a27e8cfddfb5f885bb030ed8c9e62938

SHA512
2b0d63a1221189d2c402e3583d1031ff88b8f3fce898d64391cdc50ec89445e875997e254f3b093d8f6978bbd2c76f19143177f96f9f2977c176d1ea382f2f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
ecbbb9f3a57889960a77b42570a5fb79

SHA1
29d0993f85f10dd71371610d71ab390a72d431f7

SHA256
c8eda4def6329d790f936916dfec6a053461c083d4acadf3f43c5a7ec8bae49b

SHA512
04a72dd0efa62dc03942409ef7252297099049adf49d2a1140120cf19b582d2f1bf890a1c4fd80512c1c44453da044e6fa384ef3105c76adecdecbdd49e4c3c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
91e9a35bf2aa38f586564e8e6c264ecc

SHA1
693a73e974ffc70da693dae472dfcd6ab728bcb6

SHA256
658b0236aeea41683f571f37d1ad7940e4fa02820134d68b8741f39a10cfe486

SHA512
ad2ef4f66ce817a19b3d1319db26203238098e622cbb6978e2730b15798cd5284ce4f2cc667df7d232750b6eefdf7d114f6c26911309fced28831a6b51eb4da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
dd06c7233c3a092c11ba001a1a534f95

SHA1
1f746c9b658259bee3ef1c3f6307f1c97c34c25c

SHA256
d00250869db9a90306b9eb9d6e1621f26dd5e5f79bb101250314da873e99174f

SHA512
f2dfc59409c5e481733ae72110900d1f45f025e57ef94241b8082330c0fd6d03051d04c43fde3b7542b91b668e4c026b96e2e1ee8c7770a56af4d1d2943587ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b3558898613f3168a6859f2e519407d8

SHA1
a1923c3174a2ce9fa1dc05200287fba148baaef1

SHA256
6fd4b4d67cc48855ef699519e963c9c0a9aec710d0de12c1cdc18e44eb8108ea

SHA512
abc6bcc6fd9416d45d2c7f325aeb6a3e710b80f65c1c6cffb471ace1992a7de4184c7e10301ab480e143813553e8d6c29fe936ce8b645d905b8b8159eabd7bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ca7e0.TMP

Filesize
48B

MD5
54c135793a2d1a0ef0042fc714499041

SHA1
5dd5bd3c2d576e7e36b78e80692c7d0ae07b33e3

SHA256
2ce0de8a8358b8f22c44ff199078312c6565862e3a0e685379f3f95e73fde476

SHA512
224bafb2051e8f5ccefff1a0a908bf3af9f7cd121dfb75cf1ac820c06b142cd831df97c9b17949ce5e54f91f9eadc0f3c5f9e94eddd6ed91875ecf249ec398e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
2KB

MD5
3aff6c8aa950e394b0a15c781db700ad

SHA1
d256400d04c812e584ef3479a3714a68afa45eb9

SHA256
ba67826926bfc77eb95cdfcaba2e8964c6252e5b5dd0af2a58045ff49c401c34

SHA512
0a106e62fcf24f5b3ee01e61af7c2b22fe084e1dda6e135aaf6a1c893a400c596c346c65cf6b606fbaf07315153b55e43536552584d06a3616a4e7325f101bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
9f1bb7cb371522ed451c88f2899a8ca4

SHA1
b2eabb2c7ef673298f8e1537cb25164dbd6845fe

SHA256
ed75a4c57f691e0ce0f634eac2d7bd7c883352684e0b4ffd93b8fac6b02c5b64

SHA512
ee19ac0ad1a814cc8b3ba45a9dad942dde46a871149c0fcd45f0ad72d05524fe36180be328452ac77291c62ea9efa01dd38b9765170c8893f261376ef3ace88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359887440267645

Filesize
4KB

MD5
dce04f56b38400bd6e18d645754461bb

SHA1
b9cf534258a89abeef662fad25798f8f4f62b529

SHA256
9431724b36f89b0626d984663f9d625ca4b36c16aa6afcd5dc33c6fcd0afef37

SHA512
608175cc3347ebef6617043b40a30f8b7e7b5b5116c9a258ac60a199dc2062e31541f3c16dc73d5ff2667c32227d814cc41cf611d36e81ed9c022abd477bf349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
7973f6613f375dd734078b62e10be141

SHA1
ccf54a610c2a2f87d40536eae5b25f545ccab511

SHA256
184fa2f93670bcc7bde49a078431947d3d8cc40c4bbb248af96348e222583bfe

SHA512
dea95ad788c436d7e9252b6e3ff5871491f146dc7481efa78b2179d9cfad3a8dff5790c9142d9250b33be28838d65b14ba3a61251b45bacfa6536ed219fab46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
ffb6cfd89864925edf7fb55214c5b3bd

SHA1
f347744b4d3b404723eda42e17a0bba9cf7533f8

SHA256
428d708adbcc544d6dd8c08ee0d8a603df00e79b8bfd7a953b3854d910e16c5a

SHA512
81f0c91940bb99f7852cf70c237f4b61037d978084a2e51140c5eec9d94944f983cdf732b04aa2756aa9dfad5d35b1c52984fa69349419e78dab6bc12008b73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network Persistent State~RFe656175.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
80ba74498998fd8857fb5332ae87581c

SHA1
69d4123a023ebecba1309681c3476f00d4fba35f

SHA256
d428ec45e54f771c09a232b3ee6e67d1ec31d1e850b2d57e9e7e167c533cf5d0

SHA512
964445fe893ee948cb79965c3743f68e82bfaf2a76b0d37cca2c47286693878863b4803a2a7d4af6f20fdaf1596d9d94d35d9e093349a6e110903ed70d1da2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
229e9309ebac88470aa619608ae15e26

SHA1
e17fd988ed046b7d914afd7bad85ceb312df026e

SHA256
499051efea68860f98bc50a04ca9ff0e98bada0f8f94788e2f4e95c945af0d2a

SHA512
b8a614f95df77c84c49c64f5c75ab0b2ff255b6b371931106734064e8ef7cfaa297a5ee29fc3a20ece5c9674cdc2b9dc863097cf31909be5fb1370770db9c339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c7854.TMP

Filesize
872B

MD5
bb13493090b1d689b1d58247de88ca72

SHA1
24f4d3d1077978af5c4c2eaf3a29781be7714389

SHA256
2501db239b4622db3a78a5eb2b8d6ccd7c543e386cb5f582f12f7abf906c4afc

SHA512
14b03e1baaff59f62fd7bb40371354018db595a8f3169344279921da32a3341445c96254334604816c3f85c2c86ce0ff012f93dc3d87f79c1110b8a77441cceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ddfdb7d8bcce8c6d9021d16e28cc9808

SHA1
919cefd0cac8547e0c5fd72593d1c15596d59e04

SHA256
06eaa248ce9f842c7356c19e7c2c790efb6ed1ec301628e4edd6b3b126bc373d

SHA512
7fd317c5444c44246b0039fc7ccd019afccb18fdbdd90b2de201fe6cf4e6cd09a19aa60ff7c04c575d8ca8ba34b58c62fbcf553d1ee2d1d5f731fe4b50018f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
92KB

MD5
4243f48b4a18bcabbaf75ad6e1e13c0d

SHA1
a622ea5d06b4c0671f130b1dba5f7b7a34f1c718

SHA256
9be5787274523b67a2cc342a565e097c043e3ac04b166a51a85ba1e127b1d70d

SHA512
f7f58bf382513ff55ae3e87d1df49b58166a432b5e8227ce3fb12505e3fabd850600502be190c0b78dcaf4758476d58c8643c6c4fb79bc7b12cc01ddf62a1748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
126B

MD5
6784902b9e3bb199833f2c99b4efbbc4

SHA1
d8a873af11d58d8d5bb53e1702947b652abd3ffa

SHA256
beb6e42360dba4d032fe46a1713a46a2cce91dad1409a538a5084360cb86e61e

SHA512
27266e69640c146ef0e0d84cd8a30eed80b598755fdb0eb108c22260303d3c9e076b442ef993a89cfb386dd488f7ebd1309bc30ae2bd08b7b3348779d164a57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
451d817c3d374810c5d997291c901e5d

SHA1
b2604de150b69c1ded742d4021a2fd68a5740c40

SHA256
f865ff600c8e093db4beb005c0f8ebd1f7f14bf770ea5a5ae3f7d263e0d1b988

SHA512
0f3018ea2a304972fcd07761b6d6c458ea792afe09409dcbf199523d957c1d94cd670694c9cf776736f5cf23bd63e670ffa777ea6f6d9975e7c4098577882868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
376B

MD5
9397a07649b7ccbc779f7d8a1fc733b6

SHA1
9ad17cdcacafddc9a99549ca7b6b0b60aaadf7a9

SHA256
3f2d2f54e069279f0547cb909570be5c137c52d29b37b6c57748ed4264b3d5d4

SHA512
94767691c3accf638b169cc70cfaf4b2079c685d40c54cc3be86cedb3268bb6ea8007bd079768dfc9c76989cb78d6f853d4b9cd12a8a8c8e4c16dd43c666c4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
450bc257ebc073047533ad0e4ac04124

SHA1
fe4eae3a60b6540b3a51b8b5fd5387e564a2f264

SHA256
c324ebf904f1b6b1dc04e160c38b46dc19c9e4e084b479bcb0790c1be1d37ea8

SHA512
dbced010791db051d1c5201bfcea0a1da3b14aa7eaa68fd88f26d050a06eaea48112e0e83b88490ad44428beeaf03c55e0d93acbffcfa563c8d56150ba990631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
18534a585786ea06b340e602e675123e

SHA1
0d6f41941b3de9d8d7a1b06b3071f6665ca7e4ad

SHA256
4a547e841432d795c3cdf31bc98fb50d50c1b03952019082cb07fd6687cb67a0

SHA512
e108694720c4df069d333ae3c87315ed229af4800f6a8fd969286ab0927f2f299add94455322b75268c85470a46231546272a1479487f162cfc939434af19782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f515ece28381b37ae3cfde1c0ee760f0

SHA1
841e4fd7cd9245da7bf15c2dea9e1ce018e1f5e3

SHA256
da3f7c7a1fdbb2807552417bd99b01db001bd85c00dc6436c12b9252a0f2dfb2

SHA512
fdb3114ebe01e205f901bdd924e7603f1f681a0b1ee3291b01a6dab7edda9663048549d513e73904526d334a33b6803f3c472dbd564c675915fc4ca906954f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
84f584332d19f9083862389bf33ec17b

SHA1
e81897230fedfbdfef6f664ad1cdf9eaafd35ee2

SHA256
9b6a91feee349e5e8c334741150f717ef993ad5de8e93e1fb402c3966893ce67

SHA512
144f863b84b07ce3fa8d71f3300cb221431acd6c1a49299e6f0c7891be3ecde611b48c321a7c93075a52863f672ddfdf16ca36fe1624c90a5891407a5305ac50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
00f40c972d002efcb0256e1f751d48fc

SHA1
fa55584226562171ffe26e6c769c62dc5e0126c1

SHA256
8fda0fc7ad4519d0a5bc0beb33e9873dc1ab6398a576f73a87a1ff04868c0289

SHA512
3962418ffc6e35fe97a3ea262cfc72ae1ebfdaa3a29be614a6844d374977c0ccdd13c08812dc15e51573ffa709510eeb8c00df60bbac2b638200ef003761a124

Download Submit
C:\Users\Admin\Downloads\ImportStop.rar

Filesize
725KB

MD5
30346e0222058be745a31be40a1c3af0

SHA1
727fe5633b8edd6ab8c5ac817e78bf877d6fff61

SHA256
940f4a638eeb4ac94e065385e47331527f4eb303b8e2cf3368927cdb861e3611

SHA512
68dd5acb0c9ae5bbe19d83cf7c93a9996e73ba3516976823caed01fbc57ece8ef589a69b4268850ccc10df0ba9db2bb9e59907b3e8d90436663d1ba129f1504c

Download Submit
memory/3552-5-0x00007FFDFF430000-0x00007FFDFFEF2000-memory.dmp

Filesize
10.8MB

Download
memory/3552-4-0x000002793A1A0000-0x000002793A6C8000-memory.dmp

Filesize
5.2MB

Download
memory/3552-3-0x00007FFDFF430000-0x00007FFDFFEF2000-memory.dmp

Filesize
10.8MB

Download
memory/3552-2-0x00000279399A0000-0x0000027939B62000-memory.dmp

Filesize
1.8MB

Download
memory/3552-9-0x00007FFDFF430000-0x00007FFDFFEF2000-memory.dmp

Filesize
10.8MB

Download
memory/3552-10-0x00007FFDFF430000-0x00007FFDFFEF2000-memory.dmp

Filesize
10.8MB

Download
memory/3552-6-0x000002793D2A0000-0x000002793D316000-memory.dmp

Filesize
472KB

Download
memory/3552-7-0x0000027939990000-0x00000279399A2000-memory.dmp

Filesize
72KB

Download
memory/3552-8-0x000002793A150000-0x000002793A16E000-memory.dmp

Filesize
120KB

Download
memory/3552-0-0x000002791F330000-0x000002791F348000-memory.dmp

Filesize
96KB

Download
memory/3552-1-0x00007FFDFF433000-0x00007FFDFF435000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads