fbe3d7b715be1c3921f954c92d2132184c82c07bab6c0fea97c5a7f80ce28973

Resubmissions

06-07-2024 13:22

240706-qmkvjsyeqk 5

06-07-2024 13:20

240706-qk5ryayepq 6

Analysis

max time kernel
117s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240508-fr
resource tags

arch:x64arch:x86image:win10v2004-20240508-frlocale:fr-fros:windows10-2004-x64systemwindows
submitted
06-07-2024 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Injector.exe
Size

1.0MB
MD5

de2a595a1e0722b1f904a09d2f8c880f
SHA1

d9f308756095874a2529db21978129fdeab3ebdf
SHA256

fbe3d7b715be1c3921f954c92d2132184c82c07bab6c0fea97c5a7f80ce28973
SHA512

aa1c8e6dc4f9e3534f77e4789e8325e2f7a2afc26e2aeb64ea88eb14615a8e15bea3b088cdb299aefbf90fb449d578773fa860f33ebbebc1c0e83f524d748849
SSDEEP

24576:jzzT/BJN7m3E/6hR605i4rmOajEfw+Jwz/S/6yyFoBkkA8:fvBJN7GhRo4rcjCw+W7SCran

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133647456381952210"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3296	chrome.exe
3296	chrome.exe
5484	msedge.exe
5484	msedge.exe
3296	chrome.exe
3296	chrome.exe
4304	msedge.exe
4304	msedge.exe
5764	msedge.exe
5764	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
652	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1888	Injector.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe
Token: SeCreatePagefilePrivilege	3296	chrome.exe
Token: SeShutdownPrivilege	3296	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1888	Injector.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
3296	chrome.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 5048	3296	chrome.exe	84
PID 3296 wrote to memory of 5048	3296	chrome.exe	84
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 3596	3296	chrome.exe	85
PID 3296 wrote to memory of 2160	3296	chrome.exe	86
PID 3296 wrote to memory of 2160	3296	chrome.exe	86
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87
PID 3296 wrote to memory of 4044	3296	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\Injector.exe
"C:\Users\Admin\AppData\Local\Temp\Injector.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad222ab58,0x7ffad222ab68,0x7ffad222ab78
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:2
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4240 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1620 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4556 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4048 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5056 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4232 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2328 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3948 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3960 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4832 --field-trial-handle=1804,i,10410303864887804623,1948632588929412083,131072 /prefetch:1
  2⤵
  PID:3316

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultbdf71f28ha704h461eh8085h7584df279d0f
1⤵
PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffad99d46f8,0x7ffad99d4708,0x7ffad99d4718
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,1000953891527355392,13866782083989080151,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,1000953891527355392,13866782083989080151,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,1000953891527355392,13866782083989080151,131072 --lang=fr --service-sandbox-type=utility --mojo-platform-channel-handle=2356 /prefetch:8
  2⤵
  PID:5492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5792

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc
1⤵
PID:6092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad99d46f8,0x7ffad99d4708,0x7ffad99d4718
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,1985895604591994623,135116794983137385,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,1985895604591994623,135116794983137385,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,1985895604591994623,135116794983137385,131072 --lang=fr --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1985895604591994623,135116794983137385,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1985895604591994623,135116794983137385,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1985895604591994623,135116794983137385,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1985895604591994623,135116794983137385,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1985895604591994623,135116794983137385,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
361aea70affe0bc13ccebdabcf177758

SHA1
f5e0f1781eff2bbab7fcb8db3cd58c77156ae689

SHA256
3223a1161bafaba9ede2caa6ef4629fa0bb240160cce6cacbcf2cdf3086cf008

SHA512
5da7d319b4d9910ec59b10d20b9ac88fa680904467f7900df3b9f0dcddd3a5b4717abc054d33c0cd66a63a4acea5b2466f9f43079117cca94da456a79ba14310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
13aa26ccead9ceefa9788613b5917687

SHA1
a27b8dc11b878a2f92c6b4be2856a454bc07ca0e

SHA256
a483fa2e0fdc4807b75c3abf4d7b0c33f78f2ab9b5d91b217cb24f221676e59d

SHA512
9e3eb3ba094010dd795b7b9fc5d37ab6d94b67826bdeeba442c175b22ba71ce902f9f80121f05f6cde12d324e566b183603856f205e0a5252becd76771d11a72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b979d4ce-6716-405f-9ec7-81e1665ec4a8.tmp

Filesize
7KB

MD5
ae829e72dc1594426b2fac7b0bbae5c1

SHA1
06b020325fda3a655bd713dd8f3a004046fe5c41

SHA256
fd4526e97558a18ba581d604d160d8f7e90dbc1e2952ed4243c24efe6715212f

SHA512
3dc31b8dbc9381eee936df22e0d1430a437dc8db2d2c3c8e5a647c562b03556df46761f6c9df7876875d39fdab1e3f194ded32edf0c4195a93ac68266cb904d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2a082aa4ef2d53a2707b9762c10ca87d

SHA1
ab53785568241f61d0fd86b2c9eb2d8c7744210a

SHA256
275a5354e097fdb106c8c2cc17371b6e7c76bab6fcbcd6fc5b52dd9fab096833

SHA512
d9fa85a8dfa1e50ccc6381af3adf60fc0ad3d3211a32c401c87131c0f17d83a96969abfbb68c7431447d1b80d2212f5b5ef51dab38ef7d8c915ddfaad7ef23b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
310KB

MD5
9d83e009e683508fd8a0ab5f9c2a95fb

SHA1
7f59a2479de8b6427e75a336ec54956e5ca07b09

SHA256
2113c9ba62b062698baf35cb8f17932f7e5e4b152400b0a7252618c3be1e57fe

SHA512
d8132397ef63cffe6efaf66c4564d1e14f7dd9d133536cf261c29d5c711e1e7823b2bd4cc66a1690173bb952602b6ecd8fae5ac1a48e713e7c1d1eb63409d6c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
7c9840d19bd2c46a67fd7af3021d1065

SHA1
51643cdca8c12b6e7a4a1d9387f02657cb2bb6dc

SHA256
0254852c49c33112c8b83689dd83c2f5834b999e1ddaac10922481496c32d3a7

SHA512
53016dffbcaffceb88ec7fbb552d1b0493553e39f6d89e0a9674d009ba4ae4d2e517efecee99d740b8bee21a87aa0f2089fac2ef2d5a8ec40cd2524eb50922dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
1793114b7b4e8b309af65ab73084d168

SHA1
529500b21705574ed08b5fdd128737bc53d31e94

SHA256
61af38268abe5227584d0b8e6e777b4b95825bf88d50244d109bc2ed8103f779

SHA512
8b93d02e8a50236f33f385e9a78cb565008b60ae8822e5964561f151f87c7c1b39be832a7c56951961b4168c08c6278277503fe0057e0736b48c724692177818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582d35.TMP

Filesize
90KB

MD5
4abad3cb33489f5fe5097c498365538d

SHA1
d80d9333c8e7083532c0f2b411000c6434429a20

SHA256
15467df94256d9b2d8875ec57e0a883856ee4baf40fa478e136a8c451d9d7847

SHA512
543b54e71ac8decb7b13c0013da03eb0b95c584852926103f62c92185bc893c62a83bd4022fe703e31ad9c1b850069f1c2709caf4cbe65137de004309fa10f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
57681da3552a97dc7f23cba8fb3b8aac

SHA1
02d5396a830d66b578f4863a162722f990406212

SHA256
2ae9638bc4c15d85abf692dc467d6fe94bf5823d51013da02c376cd9c6256d19

SHA512
e6ba42e2baec92348648b231cb4ae37a94dcb029cf7a133e8d7895f64d1b05fb14bda8eedad51d1df546d0b06459ba2c085d823ca21077fc15b8add2111cbcc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\510708c7-f4b2-48b1-bd82-9beb8fe490b1.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
2eba15e0f1b4b736646a7e03dbdd7cc3

SHA1
f5642ba5d1f213f6b98e276b1cc8944f8e4790b5

SHA256
d6b42c1f83e86e3f7972ad6176fc99198b9dc132db0d6e2cfee2f4011190702a

SHA512
533d49feb689a7b32429ceace7deb9ca7297971790209a4eb38dcf96edb6fe15b2bc9d9e376c3b4fcb66165fce37d5c4a3557385176553717720c30ba27853f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5a44b362a03b5112bbd4eed0607d9f7

SHA1
b7ec8a603dd4c148efc2577fc01ed62c19deea8c

SHA256
e919088ea4d81c7c11716250fc48d76281d5fab222b4546207ed5190ca3db00a

SHA512
286b257c3952e4aa6e68df0d7915fc6dfb984829578aa3803c8a907b5c597c8a4ef26a75f4e84a677f4b5e5469de5dfaf40f26f2bfe5e265a4cff1216634f449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05672333fa19c4cf71b954f86f7374e1

SHA1
acd241cdd7a7b5a5033ce5e1048103cbcd633c55

SHA256
20c3945bd289416f0526753a4a75cd8661ea613ff71704f6a785bf5800438f4a

SHA512
4c3ab25a47ac61b2a05137036eecf88db38149cc0728f416263f4864bb0be282ab7382d245a46654bf58ede659c55e4df4704f3880148f7d50a98de399cfcf93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e4690a9c286963aa8b0e2c42cae627b

SHA1
f6cef71492d5d3e19af7b894ff0a5b7735c0cc29

SHA256
afc7b03f063b9cfec8712b84d351377fee80a6836aa35b289d214aa267a04cc6

SHA512
d5e3222d18cbde9520d2717a8274241ec0be35b017d838884bea5ccd51dc4831deeaad8d5feaf0ebabd03940b37d207e587b542b60cbef88523c2bf1005e8dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
3268313dbdbf37674d771e6589ab0211

SHA1
8128d1b190b95166cb16c3725eed9c808c3b2789

SHA256
f6241e06a424ffb4e0504faeee170969ad76231a5f1ee3f54bbd699c1f521622

SHA512
87e5e7ba7d95a594ffbb7515bdb023ee45e8fbde8dcaff6961a76d09056c9402774f92786ff2ac18d2045b2bfa410e9b9bc6d77991771fec07fead0b1b125f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
10f9894caef219d1c0145285ad342d51

SHA1
32167f706c5ad0ec081e5f7b403f98d41565f418

SHA256
f0850c7d73dfbc23e5b5fa3a60fb21a098457739ef6a6c5b87ba925ab0b581dd

SHA512
959417a0223a9a6ed20df6c872143d2d166d1ed568960d1260a73a286b5d68681705e9c15ee76795f7d5d4b6ef1e0751bb2ca07fd6aadc70d7372731cc336d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
378d249a3cae530e37d3af541660284f

SHA1
89d4cb1993c25ef7cc60ef82fe7ee2b44d4328b1

SHA256
6ca168a3efb3a236ac38c0454d226794f47c65e31112f2f286d6e16c38d24b82

SHA512
6389acc2eb507118a657032399b03be49a32c4be37f3d96bef67a7699af9fb23caa19f1893a1b217c4138b65f7f4b71f634275f1efb6b9971bd47ec0b41b731e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
0861499d3e0af225a2e9e43648aa7c80

SHA1
e0fe29f10de87706e813dec84fa3677df4b39ed9

SHA256
08c0d002a0680b2a5483bff038c50afb4ee4c0d7bb4ca22e5747a284158a0541

SHA512
c2e6719d909b96f46fcc893ce00943410f5c561b0125c73637ac0451e74e21c282a129514114483974faf8b5da650167d852135e44e26485e74c6bb4d2c6fcb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/1888-2-0x00007FFAD9E20000-0x00007FFADA8E1000-memory.dmp

Filesize
10.8MB

Download
memory/1888-57-0x00007FFAD9E20000-0x00007FFADA8E1000-memory.dmp

Filesize
10.8MB

Download
memory/1888-1-0x000002C8ACDA0000-0x000002C8ACEAC000-memory.dmp

Filesize
1.0MB

Download
memory/1888-3-0x000002C8C8E40000-0x000002C8C8EFA000-memory.dmp

Filesize
744KB

Download
memory/1888-0-0x00007FFAD9E23000-0x00007FFAD9E25000-memory.dmp

Filesize
8KB

Download
memory/1888-5-0x000002C8C8D80000-0x000002C8C8D9A000-memory.dmp

Filesize
104KB

Download