hxxps://bonzi[.]link/Bon[.]zip

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 13:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://bonzi.link/Bon.zip

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133658703149230341"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings	mspaint.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3824	msedge.exe
3824	msedge.exe
3604	msedge.exe
3604	msedge.exe
3796	identity_helper.exe
3796	identity_helper.exe
1556	mspaint.exe
1556	mspaint.exe
2516	chrome.exe
2516	chrome.exe
5796	msedge.exe
5796	msedge.exe
5796	msedge.exe
5796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
3604	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1556	mspaint.exe
2136	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 2664	3604	msedge.exe	84
PID 3604 wrote to memory of 2664	3604	msedge.exe	84
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 4752	3604	msedge.exe	85
PID 3604 wrote to memory of 3824	3604	msedge.exe	86
PID 3604 wrote to memory of 3824	3604	msedge.exe	86
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87
PID 3604 wrote to memory of 2560	3604	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bonzi.link/Bon.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd812a46f8,0x7ffd812a4708,0x7ffd812a4718
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1944 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7640396255996234792,6454235213726998595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:5548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\RenameRestore.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:4780

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd7066cc40,0x7ffd7066cc4c,0x7ffd7066cc58
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3432,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4892,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4684,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=240 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3592,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4088,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4600,i,10560534277041070009,2214099516316996736,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1772

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5192

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2ca2713fadd6d568341fc725dae4ed77

SHA1
0eea129b989f6593b3fed7cd377cc550d346a352

SHA256
d3c142a3c576dcd0f01973c340ad58def2bd412cdf64e9030c0b43ab0f0eda28

SHA512
459aef7a86a0e538acf6d6c34f19cb0e55807911e91441bb2eb80752eda6d43dffeb03e9c0f43e83cec407d434678db6e385d5943974f4ed3709fee6d86b2ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2ada4a12d8809038ddab9388fa3e81dc

SHA1
684dd34d2230b3721f42cfc250953c6496c39cd4

SHA256
d93be82b766e4f0f53c1469653ace74b9ee28bdce8b6a3243b35b7f1af666ddc

SHA512
d97b1975777df80a794dde23150541bc3ba2daf76960166c43ee2e06027ed81040fcf4e1525af44f910604ef425b30876adae21abd02879cc475b77dd071acd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be0cafc4d63466a398eb88a9d3f73e29

SHA1
f0f1f5dbf348bb0a2a4e88d14c0bbfc89503a950

SHA256
e1dc84cba1053bc0d354b54d4c0a69e6232ee53ecb50ad187ba2c592403071e9

SHA512
2e0b0c7126158f15b3d5d974fc25813ab5488e66abab2304a5a0cf4bc82a2682ee181e88650eb947205b004d66170902ae8e0097aca8dccee8323e93f0342b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
918cd072beb8ea66bd25f0934f748cd9

SHA1
1ca4f3aabe3eab6d36ebd7713cb96bc71b30d0eb

SHA256
c762aa9cba439f20d3d776b63cf55adba22c6cd89a189de28fe7939cc0c0627f

SHA512
28a1ae7bd814f93eb24fa1d8538f9aa81a9e56554543dbe237547bd79ff6c205c722f978a782f0ff9858eccba8f348bef1a476ce59ef77c6571d68c4863ccdb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7ddb6f8c277fc73114aab6e2ddbf9f8

SHA1
1d9414d48dbc255dcdf96e64bea9fd80e16f2123

SHA256
7375e5c9b08753faca58cff8de5897476140ddff3c874eaadb56f5adcc402ef3

SHA512
6e0bb4e7049873e1f8b34e8222bd630409c317534d86054c1c7025c22ba19287831c03e97e1c58dba4ca32a8c09dc6d749ba211f60d05cc6401ed2ba995c336a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1d837a670861df66ed0d34a06ab31d23

SHA1
e6e64ecaf506438917883a4ec3e4f8b3ad0c7d2b

SHA256
a8dc151bd50b5801b46bb6d0c211bfa7716df7092fceeeccdc33ae02af9c27da

SHA512
6ffa093772b15de47b89f457cd633e860efc0ba827bb29d30a78c23ca35c67f992a2865b41b7837cd821c1a644da7535a47e669b58698dad9bc6df73106772e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
6fa0c0b80972537d87c10ec1eabdc573

SHA1
a9c2876bc9d23427b14ed5aba53c8ffaf63a2e67

SHA256
14b78bbad3fcc438e94304f9f1e2eb55878629f187b4b70ffe308d73fe6cf824

SHA512
018d88a7251322e9997eb1ed5884cb39c526141fa28cffd5780617824286d159074918e5f2bed96f19ecc1e5fd1ff7490e44f4f3f64d62ceb15f96e0e6b01460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
16e6ae6dea128d0cd1f253c18388d3b0

SHA1
5a5fefdce194a9aead96ebbf59d4347b0fc216a0

SHA256
dba6ca702332551599db04ba7c46cb3420d583a3560d1fd29adeddb1a44b0dc5

SHA512
669edefc5cb2a7d97315eeb43e20042fac1c721062e512177cdda050da1a886d75a6715ed7b3f74dbe61bd559c4ab8e44db685ea9b94260622d4c145512a66d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0fb91f2c1b668f4d4ba8cc40dafd61a4

SHA1
a6a12c2237ce7cc9b24e205d3ee840948af6a1a0

SHA256
6a1cca534932e078765172a4230238640535daee04d1919cd4a88a6998db0211

SHA512
0053d94793bfeb168d8683ce0de4ae4c908371fbff558781e2cf1a2957d9cdabdffd36167362586bbd132218985455e5e42ad1e57f09b0b1dc4f43d33fdd9308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59e564ae25a03c66ae9532400b9a5997

SHA1
c93a253e596cf15dd713fe06a4f2e464ec3f4729

SHA256
43624e17bd964bbb394effe13167eab8cfb598e3786cc70d93105d07380c8b4d

SHA512
b43cb7a20cb6e93259ffe63108aea2553837f17fcfe9efee481df65b271f10beced64d10d8c1b6df0eaa479a7821427cd9b17d10d2e6f68f1b491315be7c989a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b9fbb9ad39b3ffa0075b321f0046510

SHA1
49dc8a3d4c4bdce43bf04fdac3f43228522f9a80

SHA256
96bc49f335fdec1d5f586e9a3e70fae2f3c9f63367b893a74e61c18536d2ea3d

SHA512
c1fbb97ba4547f8d76c153511c1c8de702782f674f49c617800996f3f87d2eb2cc663e8bb101d2d8d707f8453785e175cee3460c1b99f8c32248c7d939280e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
317259e4ec5364a71de95ef87cf35cb3

SHA1
75b80761051a3b87c8e11212328e08a574fc2a59

SHA256
f886385686152c72d0eee06c627195998e9b6830b915d211850e50cfa9c57ec5

SHA512
f5602e21b40e920d0595fc7c6e975539cc145067e78928b0e8ee67cf357544bb8eeba910b3fb9c23a801dd29c208ebe05c551ec730ecbcbd25925cd430b3367e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b104477e0cd8ee4ff85f29e5b9b1399a

SHA1
6c0dd4a790b2719fb639d6538b0d0064855a75b9

SHA256
637b1b41c758f97401fd34bf96d77e0b20613010195cd1eac6a43caba183fc89

SHA512
44fee73f715ac997f1ce138cec945d355d5721fd3b9288f7ed6875657288cbd7e9cd39fa5e467cf10c0a59c79ab820658e0163150660ab966c7b54158c214cd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7ee683434bc0a4e39b1d908872c760a1

SHA1
0def571ccd18ba275c44dbb4cd36fc2d4945fc14

SHA256
d05833691299755200310094d7f29a77997ebf982cef0b35434f6f948efcdc2d

SHA512
20b9e912bd231a93a7bc23630f6b7a041bbe9684c212bcb5905139e38c8510a0c3b1c549b4f42be1b6fb5aef9a433fc4c5253a860feeb0ff327ec2cf190ad709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ef4601c4cf7883030fe96af8669ceca4

SHA1
cfdd2509bf804c102660f48913d599a13a6fc3e7

SHA256
084e9f0cef5c70131efbea25f6ccb2cfc46c71440e77fe7cbf48d09fad6bafa1

SHA512
6ea9fbd681c92a4e4fbe0f7e3fbf7bbb1db97dab435b59c36affac86d8cd3f711eea5419daee16e24b0543db10a78782df3fc296cb90db9eaef3621bb7ea1a98

Download Submit
memory/4780-81-0x000001C267270000-0x000001C267280000-memory.dmp

Filesize
64KB

Download
memory/4780-99-0x000001C26F6A0000-0x000001C26F6A1000-memory.dmp

Filesize
4KB

Download
memory/4780-98-0x000001C26F6A0000-0x000001C26F6A1000-memory.dmp

Filesize
4KB

Download
memory/4780-97-0x000001C26F690000-0x000001C26F691000-memory.dmp

Filesize
4KB

Download
memory/4780-96-0x000001C26F690000-0x000001C26F691000-memory.dmp

Filesize
4KB

Download
memory/4780-95-0x000001C26F600000-0x000001C26F601000-memory.dmp

Filesize
4KB

Download
memory/4780-93-0x000001C26F600000-0x000001C26F601000-memory.dmp

Filesize
4KB

Download
memory/4780-91-0x000001C26F580000-0x000001C26F581000-memory.dmp

Filesize
4KB

Download
memory/4780-84-0x000001C2672A0000-0x000001C2672B0000-memory.dmp

Filesize
64KB

Download