hxxp://win10-20240404-uk

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 02:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://win10-20240404-uk

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655718347688583"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
4420	msedge.exe
4420	msedge.exe
2468	chrome.exe
2468	chrome.exe
5360	msedge.exe
5360	msedge.exe
5360	msedge.exe
5360	msedge.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
2468	chrome.exe
2468	chrome.exe
4420	msedge.exe
2468	chrome.exe
4420	msedge.exe
4420	msedge.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
4420	msedge.exe
2468	chrome.exe
4420	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 3456	4420	msedge.exe	84
PID 4420 wrote to memory of 3456	4420	msedge.exe	84
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1948	4420	msedge.exe	85
PID 4420 wrote to memory of 1408	4420	msedge.exe	86
PID 4420 wrote to memory of 1408	4420	msedge.exe	86
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87
PID 4420 wrote to memory of 2344	4420	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://win10-20240404-uk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfd2d46f8,0x7ffdfd2d4708,0x7ffdfd2d4718
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7786912236568182724,8273063150547460086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7786912236568182724,8273063150547460086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7786912236568182724,8273063150547460086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7786912236568182724,8273063150547460086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7786912236568182724,8273063150547460086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7786912236568182724,8273063150547460086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7786912236568182724,8273063150547460086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7786912236568182724,8273063150547460086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7786912236568182724,8273063150547460086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7786912236568182724,8273063150547460086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1360 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7786912236568182724,8273063150547460086,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5684 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdec98cc40,0x7ffdec98cc4c,0x7ffdec98cc58
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1952 /prefetch:3
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1708 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4388,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5148,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5144,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5032,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5328,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5564,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5596,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4780,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5484,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5404,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5352,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5200,i,11586123896328712477,2084324650657035415,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1252

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
562318889d9c11aa02427823e486606c

SHA1
0a90487373410823047b8fbfa493f69bd8bde487

SHA256
fb318cdbcd8f6636c65cd92ffca5fbfdc04c4e42d522c09be6bcc85fec54163f

SHA512
9582541f0265daf66997ecc843c3942e7141ec76a3ee190aee6b92d1d9ec3049b6703fecd584407435b057503a9cadc22feaef883e07bbfe50e50ea22fd65251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2cb2a305-1086-4c1f-a2ae-a2bd98ef3729.tmp

Filesize
4KB

MD5
73213504f4cbeb8f87ec761c3ffd4ade

SHA1
0c8569e8bc0cfce683d481620340503059be25d2

SHA256
50695972a36916738d1579e95a13cb2204875009427d29e1836c10d4c7c1970a

SHA512
bfc38c8129f2ea7602190cd03d945a24ebe500d706f57e1cb682724557338bf219bc7eb229b6b1c6499d5b900e4ea9e74f65b73a8a66b79d975296bd4acd1903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
4085c7e79475dad92c8d9f356900e665

SHA1
46df96c932f7701dcbc8feb783cec3f88350c1ce

SHA256
4a82a783294186086596e774fcc4c61856132bcfafec10693bcfaabca840fd49

SHA512
65a7dabd3837c4774d685388964fde0b8eb3501b84d605b5418c76a40df82a69831eecfac06f1aff4d80a907fb6f639591b80128ba90a1be83f1793d234704f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
56afb293dd052bb02732cebd0ff77afd

SHA1
fe334ba588d0909d02a1e1e68e041e487724fe58

SHA256
85fe8a616f13fd6e25adf71195564811711cdb76de3873258edd4582ef663c03

SHA512
7b74dc7543c10ae8e12e3b6f274c05d2eb383449dcd5a6f1fe4e8b2bdb92e5198d7e2d7a84b2529674209afca43be5adb6289f67fcbc4f7f63dec224e2ba5d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
354e7941439a3f0c52dccde9f9451296

SHA1
ce3716635864da26dd7d47fbf0f4c8c3a0dcc471

SHA256
40061da540545d0fec20d807b76e00098dae63b3c6d200fe30d692cda7d9717a

SHA512
e90d8bfadcf29185c2e561a8d685ac463629e724d3a3409c5d72f90d5f41e1053968b3d498f23da9e5f1d36ec4795af441a894bbbba91c4698c3c1e0dfe929b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f5348666ca6b9d4d442f982d27ed9bbe

SHA1
d6fa2b9645f3cc65acfc85bbaaa4a068cac8bf4c

SHA256
e195c38456b447a0abc3177960ec752007460ec716c324a0477fa4017f10295f

SHA512
bfa8f8311867e2aef282d6eb4c91c39218bd602d68652e230efa0f2be42c22ed6c32e1dd220624418462d09aec118d77d91e4f735dd17c842232d0e025983960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2c79dc145951a07664788bac9c793d37

SHA1
594b6267b3b2b8fda2ea95e46af1921b79f95bf9

SHA256
1a87c96b2c187f5dd2f5b0c1f163ae904c2d6ea1713727e112ebe41849dc6181

SHA512
e6c93f7f24a0aa0ee8eb6a17dd9de9b332654a82752fe2944f73c0e4657459c07d6564ee8fdaff2800e31082e04fb4f558513d40370123e47c5341f6bbca0d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fad90ddbb168a847385800f03dc43c6c

SHA1
212dc9c00b868f483d7b94d8863e973d84fce35b

SHA256
dd6ff5ea8e4930a0b7583bd04ff22fed6a4d54d8b05e182362ca43e7b19726a8

SHA512
718b4877bbbaedcc7a73bb4cd03460920ae5197c7e2f429e8d0855a50b46d276480f8be0b8a0e08db66f7ee893ce3ba1b3c3f0af122f7eb2c50b1c280c2f870e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6575409882d6ba59878027031adacf05

SHA1
9657d1b931ba31ac03e573e2ebb4778034c4deb6

SHA256
4c1b43052fe23bb98ad0f2cf99e74b6dd84e9c3e30c34b29db7c4c4349d6eff7

SHA512
918c7b72e7040ba98437674a7554df9257122a33c88b16af1235950ce47526ca82ab570fb938bc17d149b5fa644f62a330bd0c63c4d2fb4d50d4290c473aabf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1d112a0e8b7aac231c343bca8bf5f751

SHA1
6296fea030c00a4ff31d2826eef6e5a8916f6417

SHA256
05f9c9112239bf7e8b86312c7ec770298f98e04830be7ef71c3dee65b3816f47

SHA512
5a5e4d9e202b0c2a7a416d134eebe2edc78a660aeffe9da96d8abeed01432c2620019b53623695f32295e0d1e98a15551271a978d47417c9c3669254fc1b8b84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
116e33b8bfd2948140d268627d08d3f5

SHA1
d86e8fd4427f0707f0e36977fedfb20ceafd8dcd

SHA256
c00e03180331f9c455196189b65a8fa7bb52f9a5b199d7bd4128249d1c85cb7c

SHA512
1a7d529438a4ce33ac0d5a70d14b63530a9fe798c7f266f58f68eb90fd885548d918bd9d40016aa1adbb27d7ae2ba2dda20163765a59b08f874beddf016b50b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab639981a3ffbb9de49eba4cec69354f

SHA1
0b44b551854d156c7fdf5c7f6b9e65efb80de6e9

SHA256
dd2d3f71e868b61db386da50ba802a1155bc1ef7187422ba2d60edc055c2f64e

SHA512
dd2fa23b7fa4a664225ac0af8985b7dd72e7a0e26141919ebecd708ef6fc014a8302bde3ca75de1c0bbe88c5d59a79ddd55a2e2ab216aa0abe23ba7eda2d11de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dbab320322383c2b69132bf5b57a89f5

SHA1
3d884b08b46e9083d57a4e7f9e754a5abca4baf5

SHA256
be317ad95875c8008abafb8a7e265829ebf98b05f4b9cd676d5cdf5ab3bd0724

SHA512
3d4ef9a215bf95b8d7cc0b78af8cc670b08a432803e202ddf87c7fdc52c1ce9b4fbbb17090ebc12cbbe43afe6d6c1b64ace684701bdc232ba3fda9c5ae0f3387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a3f3225bf4af74cac2d45a58fac7c34d

SHA1
78122b2df7d37ef491ec1f9436b66d3f28858b87

SHA256
3fdf6eac3596f95d2f60cc6f36e74977e4fd65218d24274b35ea021153c0eed3

SHA512
3a09c57844e8b28d572b5a0084d011d3b284e1b899940ad64c2a123be6af334d8fcdd3315475fe0851256758ab8fb1a99cff8ec492b8f90a9952b7e4436be05d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ab93cf2f1e08a61fd8962814d647d4c

SHA1
696f5a83bc580f3b727551821364f01191cad164

SHA256
c113bf79df671f01e286c2f466a0039dee299d93096340c3678144855f330a23

SHA512
81e54d32d2e4bfac6464ca98b84758192f23811aedb9fd28189bb5b4a7b6ba0e9df497e612b9acb4d3f078702d8d90f154d3fbfb4bbc29412d06a78b86ca14b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1576da895728bf1d0bb7214795da4adc

SHA1
7e129de8b28f904789a650bfdc6a639a5736a6ea

SHA256
605be99fb13a435aefd547fd6966a47ae881d776035eaeb9b8ac67d74aa1310e

SHA512
be06cc2f7a509e63aed8fe348f2ad6f0b95e1d9e6a27b74a30f5b75d7c693139bf4d7edaa806e9c5f44d5148d4568eaffcc794a330a96d4acb90205ce86bb0e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f9bff474768d95b5eac43460971f8a94

SHA1
8c71505f2dd2216a118c076e8ef3c6ff2cf9ce61

SHA256
3ed53e976bf9232606e53eeeef0d8b15ecd3ddd17cf26dee6bfaadcbe0c94a08

SHA512
bf008cd9323758540632229b9fe6f64baa765faddcf3b1b6f996fee1c4e0f38039f2f4bbe1d6461c194404bb2f97f4de3dc27dde3428bba3f29db97c48c8768a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea1611ab91821b8158b9c208b2c70017

SHA1
8e6ac579eefe7cde795d6fe14773b4abf350dc72

SHA256
cf3d4af294f953f1097f7f022a7de3b18a797bfa5e5b91b6aea2a03161c5defd

SHA512
17470ba56e76bd97bd37b0e6cbd894ac0a3f22692b080f233e796dccfb0c261483f5ee72b58dc735927360b3bab39a695ca8a641d375df0afda4cc0aae063be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
705346f01ed9d26a446a6243fbb71e54

SHA1
88251471b807567ca69d638bf72068506f39b3b4

SHA256
dca9c1b4295ca12c2795c419d3b448731df8ae2b1c701983d48893f33605ce3d

SHA512
fa5e3a57c294c6c26586f0143c514e3462d77054459d5521a102f225818664245d3767c7d64c7df4e00fb8ce7c179a8fac19a635f56ae0c76610097ac8a67377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
832f693a49ca0caaa5e7f08054696aff

SHA1
fef484a627c42eedb24b16a1bc45f854991b5dc8

SHA256
0233ae3acfc3b750a5be78cf2307df609134f2ed234ce03d54afdd3af001899d

SHA512
a63041b3768cce5cf559c8ae75778d5b1f8aeb7c240c713224b90f9ebe3cb837228d536d2bd6130a0a6b9d13dd278475ee6c4536c1feb4899f60631737c2e966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
e487a3f8b1e32c21919b471b4daf8f20

SHA1
33c11df7b7bac0def7cd65daa6cf71dde14879a9

SHA256
17ace323ee3e4d305cc9c5f305ced72257d1f6c2b55604010805d1501ad6d398

SHA512
720a2ce40be264a9c1eb14b85453a027c17c6dd6ceaf2b60cf89726c02a28da4ead9aaf5577dd2fb70fa65e3e5563b63ea66aecc4bffad035789d34a35edc416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
87acb23c4783ca3f4fcd54d8b7f94b73

SHA1
c06b6680e4fa7a8cd530a1c5e245278baf902ed0

SHA256
5b8d8e233dcf83ddd29ea033ff9c72e4060da99f2345ddd03d6a582b13457f72

SHA512
9c3dda6fb42786f86aa8e9a5488340f414642f5246b7bca845aaa00889b2aa1f4e2ba635eb15603deede38a38f6b228e90491217c9bf9bb062559ad30ecbef39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
c78f118fe1f77918cf7741e971158871

SHA1
5caedb1281367a2c2bca2e8583c0cc9dab973efc

SHA256
2688f9cce771e86fa86efb157f50de0d28d21bda759ce39a2cf1164ae06f42a4

SHA512
5518c3d5d5b841ba97d491cb459964953b22029bae6f91b55e09d46dff71bdcc99975714b99da8dd93f2d9e4b941b50a6126354cc9fdaec3fef17dc8305bb21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
c1e2b4c3151a877fd78a398348b0e2cc

SHA1
fb38b94887709a4001602c6e11387a16f59d7c12

SHA256
9252c229a4d122857d95757c8dd1213c5d95d41f47f85374570de5dce63009b6

SHA512
dd57cb506c86a8f8837433b49e4b8df19478aa3541acc00928171c3088b1d33e221a90711ab222f619ec7490143cc2536744f6e77410d9131b6f91204e12a96b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
265cbf5a2b17259ee1aa511396313a5a

SHA1
eae7f11a6d0cd7771638a4a7b28e7fe11495f366

SHA256
e221d100218150eaf43a855462aafacacde63ce1c894a69a3b3eec90bf83650b

SHA512
caf43ca1db317ad755549fe72945894382b2616610e8776a97ed2b1ec75c154c545c566d1da23c1de8d8d66fbc0c18dd0ef5c54d2ec3846ae1be417f4993343e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b3da9d3ad8f9cd66cc1e12ed7ffb542

SHA1
b4b34ccf315783b2b25c0b1397813595b6a3a358

SHA256
514ff4265613c556337c89602f67ec876c3c843727239527153778adea7abc0d

SHA512
d9066daed0244b9e45a7e6e9a0f90c733e85eee14f9595c615cf5f7a4cc71d566b2f73e88ee9bdffd240227df18a775f68857c26d786e54c4cae3f7dcaa9516b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c7d4ad2666d2ae5e60376c776de88605

SHA1
557d2e0be68a0e2ef6916a859a10799c096013b8

SHA256
72950d81fb308f933bf988bf7737d70741aab9185af69889cb70c326f3711187

SHA512
0591afc125d19c320ce52949325dabf050edf3e9e89364dc5e9490d685899fbc7f6cac4703255174bf955768914917d57a286aba18412ad84fc5187185901b8a

Download Submit