Resubmissions
21-06-2024 06:37
240621-hdgsjazdrg 321-06-2024 06:35
240621-hcea1stfpr 321-06-2024 06:33
240621-hbbthazdpg 321-06-2024 06:30
240621-g9gxqstflq 321-06-2024 06:25
240621-g6yfbatfjq 521-06-2024 06:06
240621-gt28qszbrg 1021-06-2024 05:55
240621-gmrtestdjn 10Analysis
-
max time kernel
199s -
max time network
202s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-06-2024 06:25
General
-
Target
steam_pfp_1.jpg
-
Size
5KB
-
MD5
db49c318451e36edef4137e52013da0b
-
SHA1
672212d918f7a67e9667efa50742d30f86663cf2
-
SHA256
dcf6bfa9392179f23ce11d1fe78325845bf0d1a921b720ef3cd7878020623e42
-
SHA512
5688a951972310da828bae076187e111adbd7670a8664a40ab6c26ffd4a85243a7c6a22c5482e889b8d058a0826c0654fd855035393a2ca747c4d5f2700f2e95
-
SSDEEP
96:VWLxsrCRz/hrzk1aCJCUvY6gkBMmkSM8AkxudbpXSG1i:ETRzJ8DJRf3RxJYxpCyi
Malware Config
Signatures
-
Drops file in System32 directory 9 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: LoadsDriver 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 55 IoCs
-
Suspicious use of FindShellTrayWindow 55 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\steam_pfp_1.jpg1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05a5ab58,0x7ffa05a5ab68,0x7ffa05a5ab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1996,i,7513830523787733016,14465652519697143541,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1996,i,7513830523787733016,14465652519697143541,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1996,i,7513830523787733016,14465652519697143541,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1996,i,7513830523787733016,14465652519697143541,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1996,i,7513830523787733016,14465652519697143541,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1996,i,7513830523787733016,14465652519697143541,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1996,i,7513830523787733016,14465652519697143541,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1996,i,7513830523787733016,14465652519697143541,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4920 --field-trial-handle=1996,i,7513830523787733016,14465652519697143541,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4628 --field-trial-handle=1996,i,7513830523787733016,14465652519697143541,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4620 --field-trial-handle=1996,i,7513830523787733016,14465652519697143541,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4604 --field-trial-handle=1996,i,7513830523787733016,14465652519697143541,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9f6cf46f8,0x7ff9f6cf4708,0x7ff9f6cf47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:12⤵
-
C:\Windows\system32\msdt.exe-modal "459280" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF215E.tmp" -ep "NetworkDiagnosticsWeb"2⤵
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2788 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3234315731790927993,265844530038691076,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1340 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\sdiagnhost.exeC:\Windows\System32\sdiagnhost.exe -Embedding1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\netsh.exe"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter2⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\system32\netsh.exe"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter2⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost1⤵
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun2⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024062106.000\NetworkDiagnostics.debugreport.xmlFilesize
73KB
MD569780c55b9a24792bb6cce129282a071
SHA163ac7dbc4b11915a77c13dfe09e381db31f673ae
SHA256d2dc7fc95d4283f4e179ab1b76040c431df2349e7618c3c22058add1bdf097b8
SHA5125ea91b5455e9cd0447587012babebaa6e5f9716797a8d3e80c885869f476183cc5d3148145c9c5fe11187b3fff93b0ddc373204da88cb8d0025085f936836913
-
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024062106.000\results.xslFilesize
47KB
MD5310e1da2344ba6ca96666fb639840ea9
SHA1e8694edf9ee68782aa1de05470b884cc1a0e1ded
SHA25667401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c
SHA51262ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
811B
MD5e08c1d076fa992021dcc107d1fc2e7c8
SHA1175973d41a1f87dc9ef6a2074b7d6f37458d5e02
SHA2566b8d1a8e9aa338181b7d091209288f05e6615be7d8ec4f3bbaf1e28120e64e51
SHA512040282be2037b6f26a84f6d9d16a752644c59c0e334a6cfa652d43a7e2c6e0dd24d9f4d5c18944d32ce30226a8d0dd5d3a551d6c53dc3d17aab9eb7b088eba4c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5d2841daadc6d170eb01b2825d9c9f95d
SHA11c45c49f746a11efd4f01ff7cbc2324eff6ad639
SHA2568a3738876b15bd6500da8d564c768e7596617981e9bb2c29ee07c7612e5afad2
SHA51265c6246c14cac855f4bca041c561cef318ad5552a2972aa6a5f47cc7410b43d8ef030a51bc0372959a0b1b65d7085d2f0dfb5a0e6c1e2565564525ef0af909c0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5f84de41eb89a661f604ccbef6b9218cd
SHA1311f8eb65c63140abb4d42f177fb19c7f8530b6c
SHA25681900889cfa612fbd7ec146471d8b87e07355fafbe516bc00f0c8e59982ac83d
SHA512dee3aa51037359d9124850195307ad73ba60b03c7c4756ead535d6c900343be96124dd8df0887277ebae2c4ae9107d95fd882cff639f2fdddc460770eec42d26
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
257KB
MD525ac91e7827d09fa5113fb5d53f32e44
SHA11ced4eaaee1af48c8bdf9a757b6f34e0c0f09842
SHA2563c6a75b177d6223936cef04878be12dd3dfc3ca20abe3341b062aa497a18d1ff
SHA5127c76daec3e1471fed97fabdf28aeb2a2ea2b14ae1a4d79d59bb33548ad830b22b9b61541b2b4da64aa09418bd9310ef800a24986ff327d1c9a07c01a59107afd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
257KB
MD5ff5425c04ebd88e581769ac899eb241c
SHA1cffe2aa5f3d19979c062a81538164d9f54ccd2e4
SHA256aadeb5b2c820874961cba4060c002d11e99a54f28278914e79d9150a7062c88c
SHA512d3914b4ac405b4e85811e7f823cf7402213ca0af2e9588e33a3776177e56af028de1160235867afd8a290cad05b621823babe2015bce4ea06c01b9319ec78c5b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
257KB
MD5f95e52ce5ebe260b295e068169210320
SHA1245f105d100e670905dc04956be299752e8bb7d7
SHA256cd857d3307e5a3d0260701fe0f894ba66c7d0a590d7561ec504ff24ab1831c39
SHA512139942f8d77d4ab319a56b485006365ceee561afd9c2eb46b0b93128c8a5898643a542494eae8ca5c63deabfa2f5bc7e6f2c8b82daa1295b25bd6681eb3e85b5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54158365912175436289496136e7912c2
SHA1813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA51274b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ce4c898f8fc7601e2fbc252fdadb5115
SHA101bf06badc5da353e539c7c07527d30dccc55a91
SHA256bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA51280fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD51d7c5cd3aabec858d09c2f22a9947903
SHA100355b6fe384e0aac6c1d60772225d53450bb742
SHA2561c7431845a7721af56b988be546bef93bf25da36f42b1808ea8fcf4a6e5331a0
SHA5127952ac6a6efe00e2be54539cce4dc5a644907bda430c8508bb46fc2d0a12506a4f9b6215a0e6a9a2213da9d788712a64c397c8f8613912587b85de5cca8fe8af
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5ffe5a5ec717375f778a5ac66785448b3
SHA11f68e9e250915d2e77e0b2eb7f217ff04009061d
SHA25654b212fd691ba78cbbc5ead27fd8d11d5e620a7485de915f979a6b2a9497fc0b
SHA512463be2a23f231f3a8e9f5db3eada48a0f657e3d27227e1c2dd51202999e06d465fda332f0b939ca34eccd285d80869600e87e65af98c26867b899de390b71603
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD599533ad10933e2ce2c3f8a4546264715
SHA1e6c5ae928f09215053c71cf075e00be4e9142461
SHA25689770a73814ec042e6dc543a3271be9a3376b9826659ce75e01087247789147a
SHA51229bf2d8a8621d2bcda6d6e191d828f6206b888fb77fed96816d5f8d46c9440ae51de174b74f3060c43e1c7bc3539973795c9e3bb77c4ac851161521bcc8a6b7d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
9KB
MD5fafabeba411d8ec480c920877ae02245
SHA1ccaed5ff6977fd0b4ef3725feaed449af9fccdce
SHA2568151185cbcc2fe43e09784a73096f1f76a2a9ceefe7d2aa6c4cae99b58692572
SHA5126dd4a4248af77793d28a7646f88ff5d54356bd30d65d97cb9259abdb3008ddd3cac12cefe60f1f822f5b49a2ae482016bea05b1b6ea9dcd58a59273bf8b399f3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
8KB
MD56355293361a0d75d8dbdd704ed23a981
SHA11d3f8806892eedc124a9ba03193e011b28ddfd3d
SHA2566ab18f15f192950cebc81f042538f999bf04c2a3e460cc7deeade0a26ad63582
SHA512b767e0dd99a8875889beb2447c3b669575ecc249fbfd5834e0964a305b4f2515f1e8f3719fc96cc9bb8d9b0e31446d8fa8e475179e4670ac85de7cffb295e36a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
8KB
MD5692e886d19184f497556a27d5d072c8f
SHA164dc1f8aa8f9eee46262e00586476c4704501350
SHA256a1721d518b810e7f3c88521c6a75de406d3bd6436176a42db6ea6986ff6b2ced
SHA5128d5bb7dc7f92bc93da0784711a24124e301dc609e7adfd2a9e130cbb39e060601ba9eacb69900ce6e34416a0c74001487a4a17e69d53d69bb1756642c2e67cf4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
9KB
MD51f8d72d3dec8e1eac947aeb261f047ae
SHA1f59319170a3d64be995cfafd93314b59af132ab0
SHA256cc22660774fc9dbd976c75fbafed22eabdd6db2590abd603fc0e8148013359a9
SHA5121e503a9cda571f5bf0d05aac8f5ed098d017777dff8f3a3bdd9d345435ac5b645eb541a2b5ed4e113a061323cf056cc275c6c8bf2fe9322f77dd1924f593d64e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
9KB
MD5a5dad5e123dfb8282674b74ed5a55791
SHA15a4e404b4eb49784ddf95aefdf65ab9297c6313f
SHA25636f4007006489b116cce77e1c26c508cb47d8411d5471610fe6cdab15e511e2a
SHA512f028a06028d05643a7ffdab25c75dd31d9d3e7d00631475f1980ab03591198c2695a0017d2985657f00c633db9fceba28bfff67c80f6df3d5aa48af9c367977c
-
C:\Users\Admin\AppData\Local\Temp\NDF215E.tmpFilesize
3KB
MD5a9e92c50084c7d056e4a6b76677aa295
SHA15307c3d356a57f1f074abdc0743ba9d33c5062c3
SHA256fcec1b1431322148abc8157c8cfcaaa7da3d8df971e91a3ed26790813b877638
SHA51270e78f42d4bc51c4b30d61c88ff5593da42c58d3cceb5c1082619a9ca0af460e600e496c41a0a6163e06eef853bcd51df19278c6e3409b7edbec50574ecb9e9e
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cdydoysp.dkt.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Windows\TEMP\SDIAG_d61fea5a-19e0-4928-afaa-1df783c275e2\NetworkDiagnosticsTroubleshoot.ps1Filesize
25KB
MD5d0cfc204ca3968b891f7ce0dccfb2eda
SHA156dad1716554d8dc573d0ea391f808e7857b2206
SHA256e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a
SHA5124d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c
-
C:\Windows\TEMP\SDIAG_d61fea5a-19e0-4928-afaa-1df783c275e2\StartDPSService.ps1Filesize
567B
MD5a660422059d953c6d681b53a6977100e
SHA10c95dd05514d062354c0eecc9ae8d437123305bb
SHA256d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813
SHA51226f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523
-
C:\Windows\TEMP\SDIAG_d61fea5a-19e0-4928-afaa-1df783c275e2\UtilityFunctions.ps1Filesize
53KB
MD5c912faa190464ce7dec867464c35a8dc
SHA1d1c6482dad37720db6bdc594c4757914d1b1dd70
SHA2563891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201
SHA5125c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a
-
C:\Windows\TEMP\SDIAG_d61fea5a-19e0-4928-afaa-1df783c275e2\UtilitySetConstants.ps1Filesize
2KB
MD50c75ae5e75c3e181d13768909c8240ba
SHA1288403fc4bedaacebccf4f74d3073f082ef70eb9
SHA256de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f
SHA5128fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b
-
C:\Windows\TEMP\SDIAG_d61fea5a-19e0-4928-afaa-1df783c275e2\en-US\LocalizationData.psd1Filesize
5KB
MD5380768979618b7097b0476179ec494ed
SHA1af2a03a17c546e4eeb896b230e4f2a52720545ab
SHA2560637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2
SHA512b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302
-
C:\Windows\Temp\SDIAG_d61fea5a-19e0-4928-afaa-1df783c275e2\DiagPackage.dllFilesize
478KB
MD5580dc3658fa3fe42c41c99c52a9ce6b0
SHA13c4be12c6e3679a6c2267f88363bbd0e6e00cac5
SHA2565b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2
SHA51268c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2
-
C:\Windows\Temp\SDIAG_d61fea5a-19e0-4928-afaa-1df783c275e2\en-US\DiagPackage.dll.muiFilesize
17KB
MD544c4385447d4fa46b407fc47c8a467d0
SHA141e4e0e83b74943f5c41648f263b832419c05256
SHA2568be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4
SHA512191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005
-
\??\pipe\crashpad_3028_YVMHDYNCJYZUBDVTMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/4856-610-0x0000012D53580000-0x0000012D53590000-memory.dmpFilesize
64KB
-
memory/4856-614-0x0000012D53C00000-0x0000012D53C01000-memory.dmpFilesize
4KB
-
memory/4856-606-0x0000012D53540000-0x0000012D53550000-memory.dmpFilesize
64KB
-
memory/4856-863-0x0000012D53D20000-0x0000012D53D21000-memory.dmpFilesize
4KB
-
memory/4856-864-0x0000012D53D10000-0x0000012D53D11000-memory.dmpFilesize
4KB
-
memory/4856-867-0x0000012D53C00000-0x0000012D53C01000-memory.dmpFilesize
4KB
-
memory/4856-866-0x0000012D53C10000-0x0000012D53C11000-memory.dmpFilesize
4KB
-
memory/4856-869-0x0000012D53C00000-0x0000012D53C01000-memory.dmpFilesize
4KB
-
memory/4856-872-0x0000012D53B50000-0x0000012D53B51000-memory.dmpFilesize
4KB
-
memory/5712-580-0x000001CBBC6A0000-0x000001CBBC6C2000-memory.dmpFilesize
136KB