92b19e47464e535165f4a74f26064916ab43758a53e3b1a4bf95babc0bfc1608

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 08:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

exploits.html
Size

30KB
MD5

0e6426c11e50154378136c04a3cf1132
SHA1

351fe45fcba84ffa33a14ce6b9e6056590983c5c
SHA256

92b19e47464e535165f4a74f26064916ab43758a53e3b1a4bf95babc0bfc1608
SHA512

51a8763a00a524d1f7ab3db6eb72b044150d0833abedbd5d74d1696a44cd556d114184b8baf936c5ccae616df379272693de2b3415bf244f4659c494846e0eb6
SSDEEP

768:7rTilU9RC9fvOflS5/u01/8xWApJingqna03O7m7Y7dMdsx9aHU2A+CUSBtS3/SL:rilU9RC9fWflS5/u0/8xWAringqna03O

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
142	raw.githubusercontent.com
143	raw.githubusercontent.com
161	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617908465727455"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3540	msedge.exe
3540	msedge.exe
920	msedge.exe
920	msedge.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 3612	920	msedge.exe	82
PID 920 wrote to memory of 3612	920	msedge.exe	82
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 1492	920	msedge.exe	83
PID 920 wrote to memory of 3540	920	msedge.exe	84
PID 920 wrote to memory of 3540	920	msedge.exe	84
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85
PID 920 wrote to memory of 2064	920	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\exploits.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9903a46f8,0x7ff9903a4708,0x7ff9903a4718
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,1313275016199731941,3206389191214384732,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,1313275016199731941,3206389191214384732,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,1313275016199731941,3206389191214384732,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,1313275016199731941,3206389191214384732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,1313275016199731941,3206389191214384732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,1313275016199731941,3206389191214384732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9818bab58,0x7ff9818bab68,0x7ff9818bab78
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4364 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4520 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:1
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3300 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3184 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3204 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1932,i,15765889824209038925,13661762200337907717,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2696

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7f01c5ac0aa26ad74650e8aa30a76922

SHA1
936e181c47a8daf38e97af5949e80dbb47867ad4

SHA256
75eac4dbdd934198583d351ae9a3b1aa4e62679cb414741889cacc85844e2573

SHA512
1c82a1f03fea08fe5815cde41a6f638db355f9e13dca1303531155d36305ee630c94f411381feeee6e0c897e6d056bc3309cde4618a666cbbd653146667dce01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
489310a2f4270fb7ddfd40409fcf259f

SHA1
6ab3c893445a67cbb7ace8156dc628593ce6990d

SHA256
e12a7654339195875ccc1ff878a3e86a8e4d3e9374fcea8d092b27b3d806a703

SHA512
c2544f83f470907a86640887df82651185d200190f9c46958931c5cf5506596e29b4a446c453f528a25c13542fee4eadaa9bbb750880e07323055ea0b1f89eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
bb245581fda4c2d62b5b5a7a493767d1

SHA1
5255e63a902e9d1c75eb538a902bb2a506a1e2c9

SHA256
791f35a1bcf33db9e689f9326f55feac302a8b5dd683d7bf81b3b35916a14c2a

SHA512
bf19b852352bcca3de8d1266b83d855b27822a119e227968f955bc55216188bca048373bd246dfc357fc660944cc59b23bdf2ef702768254f8b5dfb9d55646f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
a0e848e7f448121e7f0a13e8540f4d50

SHA1
90789259acb7cc37a13f6c73a618168f3bd5521f

SHA256
31cb5bf548cc1ee528bfd3f239aeefab60bbf0186dfef6b6cf853d7fcbab5ba3

SHA512
2f4ecc9c4b22b980f406bcec9073355f7a4506deea90bbaf564a592ea48b28ae6a90ec8bfe4aed1a9483f6fdc492141c9ce482c24b872b3bdcc4a2d99f0e2a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
256e4520ea687d467391d14676998eea

SHA1
5c9ea9276463d6c5be5f3d6c1a6b4cff71403aa9

SHA256
0089d94e43b933bc2122ab650876135ca24d9eb6d452bb0bd99e9177e0a9c63e

SHA512
dd899285a810a9b4dbe02861957500cd81ee829fc09f7d049873c8c4e19f4881677ba8cdbf4aee7ea804675a43c25c69f010f3c5982412f3f19e1bd10266d8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5bfac9f3086aa8d194939f9904f4d626

SHA1
40244d9b684506eb0d156d96bf3cc14999718fe4

SHA256
05c00ee229b511c92cec7a7d6f6089cf6c2cda17fbf39c4fd4bcff3b1b6a5891

SHA512
1644d34141821ea56ffc4366dae30025385eecda73e0a073fb05b96d48eae5e2c247495a6419fee5a8eab4e916f4a43b2c747170d0ee43e58207e2d446b2c6da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7723aaabd3232d354683205f8f8945fc

SHA1
ff0a417c29d58eb78cea8e7726da56102de6d814

SHA256
8ea09a6e16ce96082b84b584592281861ff16ec6d03f24fb3c7c729474919a16

SHA512
70231e9ba0b27996398341040036c22c500ce991934c255a6ab0eb8af9c8d0ae7b024ae0db28b88abf0d294d05c1ea8f9e7bea3a47bf475248caf87aea27e9ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
0f5a4e78c92696c87eaa2c184a400a15

SHA1
0483e3955b330f676159ad7cabf3a2a458c2835e

SHA256
18c1742b7094c5ac2237c00d1d11ccc9df37c4fe2da16d169165c3dedf043ab2

SHA512
33e7032673c95f09deb5f4e1c149603e60fce6c7d7624c9bc9b319ec61bb89a181050943e0108b7d3f8056c71757429a9ce5684d4b43ee240a3d04ca46e74a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1c939d51a0682888ca854f1e55108650

SHA1
3a401e953a98acd220c10e06c17f2a33ff7276c3

SHA256
c00a056d603dfb8a140e860f0570eaf854c1e76597cabe171e5d015a39fe1660

SHA512
7104a44efb910ffa26f52d63e2fc0ab6eee3f3516ddaf89484629f29679dc7c7143cb1d673b55b1c3ea062a702b744b8374e9669e7e1bb6779b51574c745a901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4579ff500e1c3b1ca71d065ad071565c

SHA1
2a2c45b683e69ccdeab0f837deebed1640ee7416

SHA256
eee463151472dd39668fb3807db839e4f3e874da17518bdd74760d7314fa6905

SHA512
59b9166f9be4e0546ca5e6273ac7b367ba1d2507d07bcae36e9b5618163e1348d531946525e5e6df9255a9167ce92e833d0a20b10ef293aa7943fb3f892b3b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fd4b6252930e154f22ee9fd59e4dfb4c

SHA1
17823bf6776b721ab0fbccb1f57d59bde03a874b

SHA256
4ce9849f593dff7506a78d9d3f9db5c32061796c84e45ee9faaf457492c061f6

SHA512
db43e2e400e309d3f4313de670d53d6c3adddf4a907d8d5818414ebd19702ec6f8f03fb74bf89d5a6417d53a23f4e73d7612fcd808691a19d71bf7df1c4bdb4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
eacb0c4bc0247afccd8213374fbaa795

SHA1
7b6344dd30042f8ad906b6df2eb87c5a4ecf8cee

SHA256
46e9b93c64456b1dd74af77e6ee09eb7eb99c9da7a0caf67fdd48c8ec91d929c

SHA512
f35db9710a10e61c03df6cf9bcd7d615f5fe0976c4eabd00eb33f644f2a01575f70f02d41d31399b5d02c1474e1fc6d72c416506742b3480818ad085332f4bbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
618e837febb37da9c539ae56124a9766

SHA1
d8ac81f4aeacf8253788fae2178e1bfa47c5ca34

SHA256
1ad6b048e13d2a896f4ad31c31a942177da78b05e12c0f41c3a42682078b2967

SHA512
965d03c518fb846ae1196e7fd4a7cb30824dfdf01d87cabffcabc884e126331e435a25f17bc2f4c14742207675b71bdb8cd19f3923f3f988c7be2c813fd41aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
934f05e0edf9d76c28116a85a94216af

SHA1
3bb04323b2195fd83f9b19ecc59c5e14b9cf79e1

SHA256
367a556519e79ad14c9e3f05b6d5093e3e4d4140a5e594be711b5d178562cd61

SHA512
bab380622b48710252490ddfa282a80bc3103edf4a2d8b385b2dc231d73e41ce99af0b4fca942af5f9718b3a0888c212aed305758de0809e4164edf1a18b72e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
16f9fe9cbde6a7797563897795b558ab

SHA1
776727c8a3c682f1f864bc30f73471a7f513eb7f

SHA256
3f6b44ae0d55b740877fdfda6402b1b7448e43bc93e41cc4f8e5f3b27aca7259

SHA512
55de5c7f107cc2a3fe53662035a1ce4a91cb56c3ce20e37ea793b3cd226cf24e56518a756cff8ad9c7e47c7d23faf03362cbbf60dc208f1341638181c76bccb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
7c9eb4b371c6a02a10ce4f7bdc66f9c4

SHA1
4911dd66886614948abc180188b20abc706199aa

SHA256
5f9bd5fabcdf5a5482889c92ba300ef36c0be5c34ec4d3edda98e05ad3ec8aa4

SHA512
f02f61df99ec364f207bff8c0ec73b6587ecf9ca6c4e8910590c41ef9242dcfe122208102094a1121779027337bf7438c9dea19e003d2682eb2d06ea0ef366c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
904f8ca21df4dc244fbe2e7014ed8d34

SHA1
b2cf65723093caaa8fc0def6cc1966440c3ee780

SHA256
51dd9e6dbda02d1b3bf29aba8e6de070714f3e59c4f458a5cba0c7fb9b16a051

SHA512
58b1b5fdeba037a78038165bce81e6a300e4ec5efcc90195ea547a84fc47b73f2cc23fdf556b912caf2797885397477b0fa50c8a77b094908fcf2edb43350d62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
c63e5eae485b910ba6a9bc0dfa53cb76

SHA1
d521a8ace8d806361fb1ddf42193589d4acbb437

SHA256
a590b275dfc8f753a503e839e35582f38a17427e3564109abfb554ed1dcbb93a

SHA512
53d86260efd7c569bf6fbc652ce5063504f71b7fcb5165a15cf0c1a278cd19addcc24d9bac583c73b2d985a4650a074942de086b8315d3c71b3daec115cefeb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
3283fdad3214033fec03a8e5ac0a70cd

SHA1
dbcca95354a166f880494447236f8d3cce13ba56

SHA256
10d99e4ed3e2077e8cc93000bc3323fbca67f788162381d01c25234b17968f75

SHA512
98c1280bded5dbf3ac22f81ceebca92502f1985ac19de7c7be149e54ee79695ce74e26d633061f419b9df2d39187fa467526a73b43b5cbd0a69e5ab741f31e66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
f53a41da568497c2ad72b48a0e61060a

SHA1
bfcbfd167cb14f98ef426535aef0144d5110f3ca

SHA256
16eb230465f1f8b2858e9b614052a01652eb2edd3579ba0d9e1c619f81769da8

SHA512
3975564861c25b9d2a5a91be21c8a33eeced3ccdb2dd132e39e0d124eda99b1c862226289c92d616c37612a037b0f1695aaab72353cd04dea84eb05dce3ed0e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
60fd311e5dd90f4bf568dc45849c2955

SHA1
32f8e57140a338dc63ca09655f3b073aaa8cafe2

SHA256
4db5f4da4a974061e3d47b0aa6245aedb45d24c3688ad5630b3bcb30cba3defa

SHA512
78a89f66cc4d54872b2f71dfa7b6115658907224cbd12d9e49faeb9850c235adca80e21c6cbc3f6b8dd720d2ecfdedd051927b447d733acb7c6a5c02ceef7ab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f7be.TMP

Filesize
88KB

MD5
5a2512bb78f6ba1beb0f934fc00c211d

SHA1
7065c12d40e1494912b246f1c511997e8673fbc1

SHA256
39f642213af469fb597a05e933b2201e3296f752bb44cb6e20c604e5633c1491

SHA512
e99080e4fbea8d702b9e21f2f73a133c916a2d241ba1d160c72e85bcbbd90b1dfebdb2a4e64393d30d0af89b41e3e3044b4fbf95746a068c12c1fc7eb2167ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
720B

MD5
724b795f8b2255c322b02688e21f1160

SHA1
52f7f9f7b472744ec78a356d56efad97e15efe69

SHA256
13b8033177ade120dbddab61cf123ee92810666fd3e055c6932838936c1fecfc

SHA512
e68196231208048f8460ce7ba502afed2cfaa74127698e32509733d1ed0e7f18b6667985d3a8e2cea8a62ba2443e205013c0f5cf7b93b042011ded7a854a9b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
435f7a68e46974c7d9a173336b5318f4

SHA1
9725c1506351fbfbb3bee4377bd0cf823872e968

SHA256
06e9996d3f092d4b6dccf501104063c74e37f99e178db97372b30c87a3fe4d40

SHA512
d17f258e9a2d2a1a4fdf3ac02db2dad6e6d4030c5ce9d8b806c011bbfae2df1c590c821bbb5386c4bd1cd23c152b19d9815a9545b556ed71334e88721fd49020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5108d6a480e1264cf6b53086fb86aa62

SHA1
ccf0e75bb81eb18206a30b6f53b92e0a5fa8bd22

SHA256
8b2e4e9cc9aae07f623566feee92533c228281d2f6fb513c88849c4fc04cc64e

SHA512
db91e47a8accece475b131c2725cb3b801374f76ae1f10c3b0a005d46f156885390133173acd5d91c9f127f4e887ae3f803fc0110f9a005af3b871c8081f342f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
58b1676fe54bb1bfdd35b0d1bb9a6198

SHA1
0abfac2e4df2271d41807a007d8b9c32015498df

SHA256
780f6609e3d223b7ae5c5a13889166d3045f6441896454b4cba81cfa5c822b16

SHA512
d6219a4e5ca6b4bbaad3e378c3279255d762344dcbdbafc6abb1d2c691c568709f2d1aef2788e99e0622359040c4bda5a82718a6f3a393e422e5667444d6a4d3

Download Submit
C:\Users\Admin\Downloads\Ransomware.Matsnu.zip

Filesize
62KB

MD5
0a3487070911228115f3a13e9da2cb89

SHA1
c2d57c288bc9951dee4cc289d15e18158ef3f725

SHA256
f73027dd665772cc94dbe22b15938260be61cbaad753efdccb61c4fa464645e0

SHA512
996f839d347d8983e01e6e94d2feb48f2308ab7410c6743a72b7ecff15b34a30cd12a5764c0470c77138cf8724d5641d03dd81793e28d47fe597f315e116fa77

Download Submit