c4cef271fc8da0104dff03e998d8200623ec729112cf67f6f98b8e4612570dde

Analysis

max time kernel
1757s
max time network
1767s
platform
windows10-2004_x64
resource
win10v2004-20240508-fr
resource tags

arch:x64arch:x86image:win10v2004-20240508-frlocale:fr-fros:windows10-2004-x64systemwindows
submitted
17/06/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arduino.exe
Size

849KB
MD5

4ffca22f5e1a02ff1b8dbd9a155f89fd
SHA1

9f82c971f31d461bf80aa3c46dda283e022820ab
SHA256

c4cef271fc8da0104dff03e998d8200623ec729112cf67f6f98b8e4612570dde
SHA512

648944db0fe54f40cc23346929f7271715f81433016561f66e0199495b56ba0f4f74ff5c7056e1f15e54fa5901bfbbaff7db6a4da2bb2de8e43c9915290095e0
SSDEEP

6144:MhKZ+tawn/rRgI1yhKfho+iG01WYQEehZjHTNdZMJoHizc:Me/h971WYQEehZjHTNvMJUi4

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1516	icacls.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630824239226915"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
4460	sdiagnhost.exe
4460	sdiagnhost.exe
1996	chrome.exe
1996	chrome.exe
3132	msedge.exe
3132	msedge.exe
872	msedge.exe
872	msedge.exe
3900	identity_helper.exe
3900	identity_helper.exe
6040	sdiagnhost.exe
6040	sdiagnhost.exe

Suspicious behavior: LoadsDriver 14 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
652	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1452	msdt.exe
1996	chrome.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
5528	msdt.exe
872	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4340 wrote to memory of 1452	4340	arduino.exe	82
PID 4340 wrote to memory of 1452	4340	arduino.exe	82
PID 1452 wrote to memory of 1516	1452	javaw.exe	83
PID 1452 wrote to memory of 1516	1452	javaw.exe	83
PID 1996 wrote to memory of 5084	1996	chrome.exe	87
PID 1996 wrote to memory of 5084	1996	chrome.exe	87
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 5104	1996	chrome.exe	88
PID 1996 wrote to memory of 2256	1996	chrome.exe	89
PID 1996 wrote to memory of 2256	1996	chrome.exe	89
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90
PID 1996 wrote to memory of 2284	1996	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\arduino.exe
"C:\Users\Admin\AppData\Local\Temp\arduino.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4340
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -classpath "lib;lib\arduino-core.jar;lib\pde.jar;lib\jna.jar;lib\ecj.jar;lib\jssc-2.8.0.jar;lib\commons-codec-1.7.jar;lib\commons-exec-1.1.jar;lib\commons-httpclient-3.1.jar;lib\commons-logging-1.0.4.jar;lib\jmdns-3.4.1.jar;lib\jsch-0.1.50.jar" processing.app.Base
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1452
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae969ab58,0x7ffae969ab68,0x7ffae969ab78
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:2
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4684 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4944 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3368 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5012 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3268 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4368 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4736 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4440 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4356 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4380 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4672 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3296 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3360 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3076 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4324 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2468 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3188 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2040 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=1684 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3380 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4604 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Windows\system32\msdt.exe
  -modal "590104" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF54C2.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=2024,i,10556162665881858979,4493378489579564310,131072 /prefetch:8
  2⤵
  PID:1516

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2148

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4460
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:1760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\UnblockUpdate.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffada8d46f8,0x7ffada8d4708,0x7ffada8d4718
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --service-sandbox-type=utility --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15362487434908092572,1848408703386870817,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:5444
- C:\Windows\system32\msdt.exe
  -modal "786492" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF3937.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:5528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:6040
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:3556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
27285b341df5f3228edf3b9f2435da10

SHA1
290d47914c116b7ee971f8263d8a996fc96eed2c

SHA256
e201fc790517ba16514941e167d7fd32e462d5b083ac95f9fb162b57f3843dda

SHA512
d4082d9291dda28ba2ea27a3e609068b823156312494ee2235da56ce7487fb0528958edcacc2db9c7f07c3afd6dbc984aff0c41365a160800fb1ff9ee863a13e

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061707.000\NetworkDiagnostics.debugreport.xml

Filesize
72KB

MD5
e3a63a442185539cbf3003a723b8b94e

SHA1
fed39f6ec5e289b38b0878f828c7aafa06a73087

SHA256
b8fc86531dc51659461f809f21a9c38272e89d7ef012a5272a46f9c15ff7620c

SHA512
264e76545114c40385d4c0f9c59ec8c7048be5e05dced54f56b95e2ecbf548a44ad537cff66d8bbe413012d96468af2c41ead45ec5aa7d4c4d42bcc9c7489127

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061707.000\ResultReport.xml

Filesize
39KB

MD5
4c7a8f434416d3281e0eb7cb95a592e7

SHA1
247267570e2a6d548955fff380055e5cbf5a648a

SHA256
579e4a9746be2a549ef2cac3ad1999c3d8ca1a4b0d6608231341adeff782b0dd

SHA512
1c3aa87b0f1e2341185e8d1b58870895e40e594f8911d91db25e25858b9b5c546a382f6906dd409e1479921e13a6050500349eb27c90ec367f0ff9d84e3a4a8e

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061707.000\results.xsl

Filesize
47KB

MD5
a132714b38eff30b1777a660b52debb4

SHA1
494b51252b9d7b8cedd84da19c52536782a0355a

SHA256
1ce6a196cc0872f50f83ce142d8240a1a1790df56b6e9b6e010a7fc44911353b

SHA512
4c1eb080dcd7d2bed5013b1f68b1ac1d1b46fe8715d8b302106cd6cb4b87f6da65627fe76b6445235cee14154d01f8a647c226e30c015944125345a63782bbf5

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061707.001\NetworkDiagnostics.debugreport.xml

Filesize
72KB

MD5
d26cc0f49b2fd9b97d83777f6b7d4095

SHA1
0a684455e3eab88e0b120f49704e212c28a4652e

SHA256
b6df02a23c810ffec61f3c72a52cf48cb3e45b08e96aade18d8d4e9ca326e120

SHA512
74ff0301db6e67c810f9c35b9c02c1e3bd7595ba8c34f09687af4580bef4892d4271ff178b7f0f930c8f74e2d8da8cff72d3ded70e6c3b86f7496289573582d4

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061707.001\ResultReport.xml

Filesize
39KB

MD5
29c10c3bff4102747de55eef643a44ff

SHA1
9ab645de8b81dd2d8b55e5f9e568360f779ac017

SHA256
ea5cf8df1e1fc91367593d75dcf862209d232b496a3670cbc9f84df57f04dfe4

SHA512
f218638f23bb8bff46f4e350d083a29c9e292e1a2ef9b74d1ac6a9e93357a366b973d1fb3feb38b7a8d32d33a525ddcaed65c806d31e751ee0e380a2f72e93bc

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\latest.cab

Filesize
16KB

MD5
c264e5d860efc46bfb910f74fc568511

SHA1
b5f302cc9aed15c6dd5d893e3163c279ea5b2271

SHA256
1d231757731092e0af1b9d52527d5caf8de62df315582bef370050312f0f836c

SHA512
844aa7f809aaa0ea4920a7ac0111d2a5cdaacbbea9af7d622b1f3f5e894dd061ff02603dd58091abdd4a3bb4a063f879292dbdcdb51923f4cdd85a8b4df955e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
811B

MD5
406faea9d20f38ac981d7d4265592b88

SHA1
5eb793d9c6b3036986b8f8ff64075cfb2bf3d202

SHA256
1fca5dd895f475f6003d30be863adb8d66bfb5617cbf15a935b22c3fb778ea15

SHA512
1ba687e62523c2523fbd3de292ae6ae3af79e301ec7788d28369567efedd8411cc553622e6449fc25014290c94ad333bb0e23cda70b5ea5609de5b6030ffaa92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
51181c7cf3a2d8e04601e8685bd484c2

SHA1
33879f23b458fe7e31392aa898c2352a6fa18f82

SHA256
e1ab66fa65bbd7816eb48f94689cc32cc6d9e981ce1ffa13e1c3f8660e15a831

SHA512
03b23d75b83d47656cf2eed4546e97596b90dd3b6eb222711f328888216d02e18f0ac593798ba2aac8d7c51bf30d408d3897a6c9b7fe94a08a68e20591d890fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bc8052f658c600d180e549eb7710ffed

SHA1
50e8e21bb57b26141e7dac3a4aa4b91835896c1f

SHA256
3249aca1d73eb42f6b79c7b210a11f7e7f8cdc3da019a1a8fc87cb4d5d75c4c8

SHA512
0af8c0785b14fba2370fb7e46895542e2aef15c264ba6017836acc0926725ca0b8363154de2466829af7476d523975df0eaada26b5a259fceee1f11675ba3161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2fd0178e21e702ddd352bc71b64b59f0

SHA1
17fed98a03396eb79d294806ac3d0f167601df73

SHA256
ace3b7e65278bd5221f03e65fb6d122b1f6a7087eda90b131df7c6f11bbd8520

SHA512
f16d0668b8c75f5fb77b9fca201f798f6a0ca3aa987ab46ba9133d7fabbe3c27ed62b5497a57c877ca656f9b759eef248b13fa9c1c5c7a9f347995290aa0b13e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
332KB

MD5
9bc036735d3b677f9970a8ba42806b8b

SHA1
b874b8e3832abc1cb9042dd760410e84744f1fbe

SHA256
228a9f8d4f37b9efdd65b2a377cad09051029d0c373ac8f44dd82991f2e2d413

SHA512
5cffc525ac0642fd2cc3cd2bb28e52ad6cac26a363f9bdd03a0719d34611d2489ccf58111e8602ec02f467b52567d60f7f1654343e11d1d3f7e55a7d234c6ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
e50354be0264b13b9b528f21448f1c7c

SHA1
7ab0352958ce28cce0d2fda8bff25859b047c2d4

SHA256
59cc76beebf84c69f906c5618d5588314b3dfa88de2e53c4f0798df3292d6ca6

SHA512
87ad1384e21381dbe4aa6d83b8c34d623785713d0e7cfa6264fa1e113944e0d3b0946f182cee1b88d6827aa48a85866dcc1d107a2fc1b978cd1df8c57cff0472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
290KB

MD5
0bdaa73b0505e98985ce15d5365e32b8

SHA1
c672d27d382305c7534b2333faf430f27c00f30b

SHA256
3bef40e03a5c5ae5b7d990ddcd28f687c48804ed6065ec54e42bc382f1111a7d

SHA512
3266a1e560a8cbb924cdf12de00b2c263aed318458838625b97023630ad839cec28399b9df61d5aa672e816acdf7eb6958f7abedc732654f0f9c6e5763e1c9c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
42c487e209099c7ebbe55db33cce7096

SHA1
a6b967e0fa03402e34c02fde76992b879453f638

SHA256
c6ced76b4e2f042ba8872c4a2744fd14414f9d74fd6b52050152dd0f64cda592

SHA512
0118d88324db734d54548eb00e629d17e09c3c18f03c963c7e9d6f71e88065a61960ea407253b166311c855ed804cac861a4f65ef74e1848f75b7c858ece14c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
9d97704d12dd32e4930e3c6289ee1350

SHA1
93ad04af751183f6f06293a15b5742cb7c5d02c4

SHA256
aff92557009f9c3b167147efc1f90fe1e8d16a2606e9f4e01b689b4898eba807

SHA512
1ba9c0ae992df3d277b0c59b9f310d4c8b585317a1f7239c3b39a9c044e0bd8167b98f231f41786eebd89a13e8833f239db9d7428ba5960bbc6564295a94b6c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
334a1cb0a0fbd2fbaa3ba71881b658e0

SHA1
e8af62f93012e989bfec4c4c07a279e5e9fa8702

SHA256
85a12a1f38d32ad9238912784bef881fa986fc8c46e18bb35a6374d905e36aa4

SHA512
bb3212e00987bc4eab1a59fad13dea4441cd16b5025babbdd8d58b2058f3f4bc8c22ff6bcb88af326c927c5c08b056b33577d16946cc1e3db07160f4edcf4c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581e51.TMP

Filesize
89KB

MD5
aad5a5358eec8df6fa67aff7f8f6f8bf

SHA1
53c23963e3a43a070471baf383a50a4e361bc8f8

SHA256
8cd8fc8e13229b005c6785a3bc5e3bac6ef52cba62b18aaf8ada1d63601459cf

SHA512
f745c6700d10fa541f1051289fddd5d6932673701fe2c40de1242251e2b722a88631b3effd46c7b545893b8bca18d79762b03b0a340b36f13419b66f78c42fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
cced0aee58a6cfb71adaf2a19d76dc6c

SHA1
0ab3819fe9c4d22398b5d2f592bbbc12af406a57

SHA256
e00ed296496e3cfea18c039c3b50480f581bf4b6e0524b74810c80750b023d0d

SHA512
3866a8b7b54f32a2a0ee97f99a031433d831e13b5cf0592cf4436384ab939d89ddd04f455ee5633110473a08c4564ad578f3b33cbbb1a3b911478f750207b66e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sdiagnhost.exe.log

Filesize
6KB

MD5
679b28bad1de1bb248ec8556801eccc7

SHA1
4273550d091d50e8292cb5d21bc3f93dbda3e68f

SHA256
d1f7df2f83a2268748bd0aa48572b469bd19ccd03945fca4c81bfa551c2ef340

SHA512
3b45814f4cd60a39a130472fceb982981ce491ed35356c3892d25c8f5e2b878b16ba9d4679b60cf99e226d78c83a1b5d4fd912af0ae4b2e1e75262aa7023c406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3a8f0d2668a6483c5fbcb16f9497c32

SHA1
17dd5d5bb025d8c1d3f90ecbdfadca12ce0b6087

SHA256
6f712fa6b98ad97a6087af7e1ee8150082d8204708fcd68b9824575009b536e9

SHA512
bd690065d6cd2d556cc95b5d2ad36f24e3f5ef6b13fe3fc70865d732a9a196dae43c1fb728416d69b0f1488a772947f5ea34a679609753c88efc53426cf12fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61e79056bfd81122973d29ebed5607bd

SHA1
26b73c6eaf6c928feaa2a4952ed1201c85e5be77

SHA256
32de38ec9ea51cf52389ef85fbc137a0c9b5d4ae4cbe6c55a012513a90af5547

SHA512
a1ac2ace157f8a11d82a84fa5712d68d71e899e4c4bd7b6c66980ac5d3075884a6639e53641697244dbf125f799be4a9ff1a4ae758ca81cb33c07a34a5c8eee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
af45ca943de7233a7105c481a6cbc896

SHA1
df82a37bcafd1a2019477994ae04ffd84ce89299

SHA256
89d7b0897c9f693d27779fb86dcf16eef5f28c5fbec21c0ac156dec38a4748b9

SHA512
a668e1ba703ab5975cc9950b1efeb2980bf50bb18356a8fbd7ed55f0831e97a1ca5d9341270dd2aafd766ed89ff851a136201f0038ababcacd26e868693cc994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
2ef40a7288834e8fdcc0153d80545945

SHA1
4c82b24520be5e9caca3026573b4656dc7500630

SHA256
3d673e62b82699b9e1a74b35f3dd5637bfd90b69928dba70d43515d9450f28e6

SHA512
3dcb684560f861b0078a22a386c42798e322924653860932b3c3cf925dfbce44609fd3b578ff868dff875bb7e4082348c72befdec45333e9e52dddf9dbfcdd20

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDF3937.tmp

Filesize
3KB

MD5
a9e92c50084c7d056e4a6b76677aa295

SHA1
5307c3d356a57f1f074abdc0743ba9d33c5062c3

SHA256
fcec1b1431322148abc8157c8cfcaaa7da3d8df971e91a3ed26790813b877638

SHA512
70e78f42d4bc51c4b30d61c88ff5593da42c58d3cceb5c1082619a9ca0af460e600e496c41a0a6163e06eef853bcd51df19278c6e3409b7edbec50574ecb9e9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDF54C2.tmp

Filesize
3KB

MD5
e310e5578a38aa0803fe501af84e061d

SHA1
ec4e52893b7da842778df8d6658b356de731249b

SHA256
904b48d7f7c6f079ddf5453bfe05bd98118a7e69d0bba17a75f2209a7a5389bd

SHA512
36465ac3ee139947b6623b0efc85cbf66dc8640dbb41abb613057b7d4b48e816bb67cc4893bd994f4f81d2978397f0a8361b2300eb5fb38cb0dcf01a546bceb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2j5ukvij.ebl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\TEMP\SDIAG_19b90995-65f4-40f9-a3fe-c003c458dc46\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_19b90995-65f4-40f9-a3fe-c003c458dc46\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_19b90995-65f4-40f9-a3fe-c003c458dc46\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_19b90995-65f4-40f9-a3fe-c003c458dc46\fr-FR\LocalizationData.psd1

Filesize
5KB

MD5
73ed6c3cfa1b4be760db0db774d80926

SHA1
25d2d10b1edb3acadc7b7c5c72fb23473a09dd09

SHA256
f50167ea32927a71d4b83763d273ee3f6d42ac94ddaf8d54eae7d638a2e7161d

SHA512
4f9ab143b0a2e1049c74dd5ce69f3ec9d85379f5ccc44eb5671d9fba750df15f1a93c1405dff9ee1f36c7018ca4bad03a824418c77fb2dc58f1731d6e24c1713

Download Submit
C:\Windows\Temp\SDIAG_19b90995-65f4-40f9-a3fe-c003c458dc46\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_19b90995-65f4-40f9-a3fe-c003c458dc46\fr-FR\DiagPackage.dll.mui

Filesize
22KB

MD5
b72f4c3997e117ddbc198f26c59e596d

SHA1
7fad03bed669cfeb0b3850ee02c6c8deaf621802

SHA256
09acb34d4c8b4ac23d309b1c5a6bea53a0fee232e42bd3d3c9f1f7faa48b187e

SHA512
a91cab20beb5860f7dc136f9616cf5f6af731114868c3c28b30e783d87a7fe6a7b8e1047da06fe7647a1a4bb635667eb063e72e20ea72cfe41977caff1101242

Download Submit
C:\Windows\Temp\SDIAG_3804d645-b6a6-4616-a742-11b76f499de6\DiagPackage.diagpkg

Filesize
163KB

MD5
0606098a37089bdc9d644dee1cc1cd78

SHA1
cadae9623a27bd22771bab9d26b97226e8f2318b

SHA256
284a7a8525b1777bdbc194fa38d28cd9ee91c2cbc7856f5968e79667c6b62a9d

SHA512
0711e2fef9fde17b87f3f6af1442bd46b4c86bb61c8519548b89c7a61dfcf734196ddf2d90e586d486a3b33f672a99379e8205c240bd4bcb23625ffb22936443

Download Submit
memory/1452-2-0x0000021233750000-0x00000212339C0000-memory.dmp

Filesize
2.4MB

Download
memory/1452-13-0x0000021233750000-0x00000212339C0000-memory.dmp

Filesize
2.4MB

Download
memory/1452-12-0x0000021233730000-0x0000021233731000-memory.dmp

Filesize
4KB

Download
memory/4340-14-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4460-526-0x000001856DA90000-0x000001856DA9A000-memory.dmp

Filesize
40KB

Download
memory/4460-513-0x000001856E850000-0x000001856E8DA000-memory.dmp

Filesize
552KB

Download
memory/4460-523-0x000001856EAF0000-0x000001856EBF2000-memory.dmp

Filesize
1.0MB

Download
memory/4460-524-0x000001856E9E0000-0x000001856EA02000-memory.dmp

Filesize
136KB

Download
memory/4460-525-0x000001856D5F0000-0x000001856D5FA000-memory.dmp

Filesize
40KB

Download
memory/4460-531-0x000001856EA10000-0x000001856EA26000-memory.dmp

Filesize
88KB

Download