f05b44e0c8c626cfe1ff330c4d15e5a761e7bafe5ca6d13fc5467e6b7e9ede9e

Resubmissions

14-07-2024 18:23

240714-w1gypsvbpd 1

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23b5f6.html
Size

10KB
MD5

eb5373fbc5c0a8a649609808baa77ac5
SHA1

1c562d1773ef168093337eba12289a6f6bdbcb0b
SHA256

f05b44e0c8c626cfe1ff330c4d15e5a761e7bafe5ca6d13fc5467e6b7e9ede9e
SHA512

75a5e557dec99a260a89b22ebca7c9693bbff0cd8054f8117b969cfaea39558be02ad86ade620334aab09c33fb3a0686f291ae3f18f5b3fc068b336f94d055c6
SSDEEP

192:XqWW+DWDbSLSLwq7qLEL5LgTLeL+LDLzL4aQoFnwichVfUV/ILc56IpVMyS5kgXF:XqWW+DWDbSWSolkTK6ff8atnngVfUV/y

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133654550423867285"	chrome.exe

Suspicious behavior: EnumeratesProcesses 51 IoCs

pid	Process
2568	msedge.exe
2568	msedge.exe
5036	msedge.exe
5036	msedge.exe
4140	identity_helper.exe
4140	identity_helper.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
1244	chrome.exe
1244	chrome.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3564	taskmgr.exe
Token: SeSystemProfilePrivilege	3564	taskmgr.exe
Token: SeCreateGlobalPrivilege	3564	taskmgr.exe
Token: 33	3564	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3564	taskmgr.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe
3564	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 4380	5036	msedge.exe	83
PID 5036 wrote to memory of 4380	5036	msedge.exe	83
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 4424	5036	msedge.exe	84
PID 5036 wrote to memory of 2568	5036	msedge.exe	85
PID 5036 wrote to memory of 2568	5036	msedge.exe	85
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86
PID 5036 wrote to memory of 3300	5036	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\23b5f6.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce17046f8,0x7ffce1704708,0x7ffce1704718
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12069093628329452694,4580908890406748147,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffccfc4cc40,0x7ffccfc4cc4c,0x7ffccfc4cc58
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4972,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=240 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3704,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3264,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5096,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4592,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5452,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5532,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4660,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4532,i,4365058223103146858,147238351309329192,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2168

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5688

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x48c 0x494
1⤵
PID:5768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6d14b425-f295-4806-b25d-fa13d0a6cb1e.tmp

Filesize
183KB

MD5
cba433f2e8810e21c62f722a33dfe4c2

SHA1
33c22fbe2de2b83ec731f40589d99fe1331e0cff

SHA256
c693a05920ea0f8743dac0ede639ea758abca0c79ae4cf81b7d851d649a6c4f3

SHA512
e5e169809cc9deca7bcdbc698c9bd8211e147f408c332a80617e4951929bf5ef44355b16117aa5a407d2bda918c8c8e7cf96e0a5fe618bafd2511a3f7cd2aa58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0982430272bc25924d622f98a44702e4

SHA1
684ce60396583a10bfcd3c0287335acbc7070f8b

SHA256
8c9a611dec0cbe977e64bce8384022c55c6bb5eaff53f85858b1a6ec4d9b7c59

SHA512
f8d947f90f7679c5f1935793cef6fadafe59d51e1db6caedd39695498afcf6b16dc7bffeaa5ad7ac70e75bd509fa7f14d52e352b3f1ab70f4e22c78ebaf718c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\66ca122f-c904-45f4-a9ec-87f048051f39.tmp

Filesize
3KB

MD5
ca90a8da91f6186b128f621705bd8faa

SHA1
ec4535a46bd5fab4f5eb36793052b9bd3ef665ab

SHA256
805773dceaaaffb38780956481b985675cac916e4bef7332e441a663fa61ac72

SHA512
47787150f6939172f01e4b664b03c3514040ffe9a55ed463220952653f71812ef790aa1bf99d6af53bc7f81aead2814c5206abb8c5a49905212c903b177539c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
86f7e6f2f233ec46f3865d480c0b8fa4

SHA1
9bb0ef6424ea2a173ba1fc115bc3dbba6882d4a5

SHA256
6b45901b999d0c0ad4710a4c97684c7e2cc424d509986d1dd4d9e990d1b43959

SHA512
40a01a662552353c57c6da9d518ff5d2d67f162ccba724c5db49121cfbc4d17dbfd3fec2fd4d130d8f41bc3b5b9c95263c5740cdcaf986119fbafdef1cd633ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
797fb8bd23c80f51365491bbbce650f1

SHA1
5864eb1586b1035b749d872896db7a02fc35e9b3

SHA256
749ba5d71a24749a7181d7c0d7167d58102f1917a0432ec3815df88e99c26c0a

SHA512
e48c0a7f31f709a474c97a4ffb582b97e9a3bf2952aca67583f2a37721474f5b55a76e64caa8af4e93c9ae094e93febee8055ab111dc9a9260efb48bc29766b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e49c06d3716c033a8918a27855b153ad

SHA1
60c7c788cbd7e44051f586baaaf64246a1a57f5f

SHA256
7527112f1adc1fba7fe1b20540bc7fc5eb0e16c8fef054cf733b20ec5ab18ffc

SHA512
fb10224d6e854ffb58222d4d82fc4c35fe026a78b7cadf9f65a08d0676d568d770c9bea58668437f19db03f61ee121edcbb497c58620a5b48960f862799ec69b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a410dc3dd5906cfe6094868ca8e95d3a

SHA1
4ea5ad533d81cb09f5390f7c120165424f8f6016

SHA256
0957f9e20c7c86a79f687d206beeee835d13bb8d28619d8f9137791e7c3b3271

SHA512
6a8b6736cb71f9c10b7ac6de85ef9ac3f2d6f86a42330b0605b087f2b8e98a7b00f3ad763872d1e576ccb51a186533a1eeb8aace234a62f25d1d7b2d5ada78f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8c1d3aa71aa52136cdd1e1bc0ec4792f

SHA1
29b74b02a77dd68cdd53190d193580563f0759ea

SHA256
e0b2a97bfe9b1737225200b0f61b32da972c2236ca6eded7fd8dda450edf5034

SHA512
2cce0af2f52571848941fd78fd5149224c2197d2f9e9b62db6e2559924d8b701b782fce02c8d9e501e7e8160ae2a1acbfa387646d5df4d05fec4f9ad41cd2e2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ba3121d3df095144e10d48af08beb937

SHA1
63139d48ecc7d9137f795bcd5fd680350ecdaedb

SHA256
15e0750e42c80010c41aa0c82e410582f809a6a354c57e67cfa22461865dd485

SHA512
b891ff08871b01ffbb1d0b26797eb204a24d9f00a7555d68815268b4248e4ce8295222d54775bf725551c0cf7abd1cd23c88419244964896b4db4947e2fc8642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
09908c064f59e6cc77f8218ccad29ccd

SHA1
76cbd47a141c44825b15359cebd081e48e2a3db1

SHA256
5c8b123fe9706c4208f28266e63c90b69bb14174df0a59c1d5bd566ab7fc78e4

SHA512
6a7a246df7de044cd6b651d6e9733a0df9a4fdabd6ebf5877b78c5f59a2b6ace76147d4a1d2c09e4cf372701b628614ca2c065b03df8b0f45ce0b999d4f70327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f0eef55b9b4422f8dfd55cddb1d7d327

SHA1
6516f8c79739b57c559b977c730b8f44a94fdce8

SHA256
40eac55f7f5e89a4283f67f5be0015860c2948af5948635119609a37270efcdc

SHA512
05e2ca509fa77572e8ebd7988e8c405f1494e66e55ea2edc22b36c3cad8f42f12ed2904fa089c08f6cb7aec91aa327377c9aba38fc69d0d2096a83866288b7dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aab1214df8d43d33e362c0ad6782e099

SHA1
0df0142baaa348252a38f1bb85b8f6c86e1d0e1f

SHA256
6332c0088596abd9cc98c280bd8f7850eba1ab7fad9e4916c8b204f7110df401

SHA512
fa81507ab2888049cbe63e95fe04a1c7cf9f3a02a940d3c284f766dc0d99606d53d8167b43d5ae7ac17e4471a550b5dab97b20462241122b54a04d29cf08b117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fa9d0615a1684cc9ea2222f20f75fd92

SHA1
0e3fb63641e712bbddc508efd75b3e5253a3dd9e

SHA256
b431c962bf7e602f839935181cd76b4a8244c7f64287858981184dffead8a12f

SHA512
3c5f82b9d554896c722107047a872b39307926c93a3a6bd3e7e3ef4dcc4cf060329827c44f37d85e6667c1ae53fcf75858eabb91fd1cdcfa3f4a7180f43e91ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cf85f4ba1abd9feec44b106e9ee87608

SHA1
d9aa5077f73064bd82505ba11b1cd73103b0bbfb

SHA256
deac8fba69ab32702cf4d5285065cee86f478ac2e8e7121ccb45a9c1167f2a0a

SHA512
60aa19dd7e40b599808a0b31b60368bf433c102aa56554a894e24f5dfe4a3cf1a85d79af8a5d761605ac9116a83d13942154777672fdbb3a2bb67aa520a63a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5e43a3e2a85e35e564e11098feac9db1

SHA1
2d82adfe3c2cc562ff05e78df07ac0dfa3c1d828

SHA256
cf2527017439add9fbee659f008fff0d8d75aba243ac7e9a640119f5f05949a0

SHA512
79036483efc4e19f9492814700696d2d889f3847934ce158da04f6c06f428e195ed1a9c8d6792e2af9721d1be8bb9b5c278d723e14009a3bcdf5e7705d1b14a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
81c3e061c7fcb80ab213427df13d960b

SHA1
69b26a3f1f1df332ce7dcd1fc944f2795240bb04

SHA256
8227f8b63e9165721cca3ee2d258ac959bdf40d3f9f856ffde2eb914306dc657

SHA512
22b64537698fad5f91b66100dc744a5ef0cb052bfbe2ff3a5b2a32c97c87e391c60f44df4164a6fd5c953fd1df47f7bd7086ea117b6ae7d2e7989636d98c5608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
904B

MD5
1879031f0088a9aad588a7103a6ec7ed

SHA1
5895555c6e38412f3b87ed99d3d9aef915632668

SHA256
97eb7b8c9db51c17b5adcc18a419e59e26de94bbcedfb113898858f24f3051a6

SHA512
1b60d5fb6c1e76f566ec10ce16d46640b9b6cb54639d0617e54d4d49b3b7160e1bba6cbb9d4bea19ec9acbcdb1ecd777ae2fbb341b3bdeb309df631a6c1ae759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a022669ed1041b254077141ad427eb9a

SHA1
f8337dab4ff9c64ad776014c903c94770e967ee5

SHA256
6bbf9ceffa3e93b61281e4a47f470a0c165a817b1c48473073fed9fa5a7dc036

SHA512
c62d2855255dac0379642c01d954e5fdb1c0b72b587dfcb44a4035c08c40707fea826a99b6e62c8da5b6e7941bf09244202ab2ab9157278d722f02a4e3ba7da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aa039d84-b691-4fc1-a9b0-0e90ffffa19e.tmp

Filesize
6KB

MD5
5e5f2f03962344541e28b66362a4db88

SHA1
3a790cc03305b357a3f08dd47840dbeb1d4a7b89

SHA256
e377a5d3d2ff754c846d0b7d205a51faeccba933882d48966a70cd28c9b3357e

SHA512
a1572602de480f2275f014437f3dd2b99e8220c35b1cf4c26377a13c5d1d4a75cc54046b98e79014f6183490fa1df6388762b214fbfd1015be741b10368b4ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5434881caeb50568501e1d8837a0a143

SHA1
d4fa49ea95278547900951f0a7c70e9d8ef852a5

SHA256
7be3e4f56def7e7f395a4d6d9463d2213305ca0392e566cde6867fa7e2e9ee32

SHA512
62269b90c1b80561fd28fb86b1b28bf770296f637028c3ebeb9c2ebf8689de1da8333b27d9ae580df7eed138110848dd718f20d7e46f57c3dadfb76c45f538ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ef84f250fd51487e4c61fb9d4bd24a3

SHA1
7a104bd7134dd97e72d9261430a21eb642602a90

SHA256
ca568f3406bc55b4c9d1d903f42fa507325fd5a7ecc245074768b17f48581733

SHA512
1e7f8bcc93b943095532ae61f9c21152dc89d55b3b27267d5fe240ecf125c5dd090b4307cf61e0a7d3222230a9cd3c4b324320ad107f1ada47b5f37735c46490

Download Submit
memory/3564-117-0x000001C638E80000-0x000001C638E81000-memory.dmp

Filesize
4KB

Download
memory/3564-118-0x000001C638E80000-0x000001C638E81000-memory.dmp

Filesize
4KB

Download
memory/3564-119-0x000001C638E80000-0x000001C638E81000-memory.dmp

Filesize
4KB

Download
memory/3564-120-0x000001C638E80000-0x000001C638E81000-memory.dmp

Filesize
4KB

Download
memory/3564-121-0x000001C638E80000-0x000001C638E81000-memory.dmp

Filesize
4KB

Download
memory/3564-122-0x000001C638E80000-0x000001C638E81000-memory.dmp

Filesize
4KB

Download
memory/3564-116-0x000001C638E80000-0x000001C638E81000-memory.dmp

Filesize
4KB

Download
memory/3564-112-0x000001C638E80000-0x000001C638E81000-memory.dmp

Filesize
4KB

Download
memory/3564-111-0x000001C638E80000-0x000001C638E81000-memory.dmp

Filesize
4KB

Download
memory/3564-110-0x000001C638E80000-0x000001C638E81000-memory.dmp

Filesize
4KB

Download