6c499a4af1f9348ab6ffdcf49eabb0999f2d60976cca109cb4812747c5b7e1db

Resubmissions

22/07/2024, 19:36

240722-yblayathqf 6

22/07/2024, 19:33

240722-x9gjzatgnd 4

22/07/2024, 19:29

240722-x7n62atfpf 6

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22/07/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

accesibility_window_abc.png
Size

457B
MD5

bea6c589482c2d3823e16178a9e3eb64
SHA1

e19805c08e403f06b7579626fcb6e34166dc9d5d
SHA256

6c499a4af1f9348ab6ffdcf49eabb0999f2d60976cca109cb4812747c5b7e1db
SHA512

892fb6079d12a8b86872ffcdb2dc309993400ec82e99eac275e1e1ae1a402bfdfaf39fb171dafcd0d4579d020d55208281392eb186d02d897b73fe5a22182489

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
18	discord.com
38	discord.com
39	discord.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661502448284832"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
4488	msedge.exe
4488	msedge.exe
3156	msedge.exe
3156	msedge.exe
5672	chrome.exe
5672	chrome.exe
5672	chrome.exe
5672	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
3156	msedge.exe
3156	msedge.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: 33	2800	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2800	AUDIODG.EXE
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1064	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2940	1108	chrome.exe	88
PID 1108 wrote to memory of 2940	1108	chrome.exe	88
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 4124	1108	chrome.exe	91
PID 1108 wrote to memory of 1408	1108	chrome.exe	92
PID 1108 wrote to memory of 1408	1108	chrome.exe	92
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93
PID 1108 wrote to memory of 4776	1108	chrome.exe	93

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\accesibility_window_abc.png
1⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8d35cc40,0x7ffa8d35cc4c,0x7ffa8d35cc58
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4580,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4572,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:2584
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff625874698,0x7ff6258746a4,0x7ff6258746b0
    3⤵
    - Drops file in Windows directory
    PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4316,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4924,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4008 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3448,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=2272,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5320,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5292,i,7374066274348830745,2571733211342081091,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5672

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4420

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:224

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2800

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1808

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3168

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa8d673cb8,0x7ffa8d673cc8,0x7ffa8d673cd8
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,15787382775543251897,11727729363260920638,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,15787382775543251897,11727729363260920638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,15787382775543251897,11727729363260920638,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15787382775543251897,11727729363260920638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15787382775543251897,11727729363260920638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5272

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3932

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
1⤵
PID:1068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4a261ec8af0127ba07744925de1712c5

SHA1
8d4ea28c8f8b73867d3e86ebcd92800e42e0ac21

SHA256
0f675ac6a33fecc813d6ba7c5ddf6d58ddb19107aadaeeacfced3fc29d870f09

SHA512
054b3c7a0fcaefec3367604934530b9ff570358a87cf8e1ed7d38e316110bb31c7391715996b95399ff5458895e359026064e5c6fa8ddc55493e83dd888d197a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
366KB

MD5
8af9c9af250339f71eb9d036f3310893

SHA1
7a8cd64fd10508d784ce30de59fd286e4dbd3375

SHA256
c719d3d86df635f70d00e2fde56f0a5041bb7e1d6ed3e2115b850d9e907d49ea

SHA512
6d0643026fa4be31137c0648f1e021ae32e2e9e0d116e7aa2d2424bbf31a44ff827e6d7580c9b00d13d67ec9f69dc6f6a6780a78f0b8126bd9111a8c1902219d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
295df6cc9267b74b1a46407730e2d2b7

SHA1
756e348f89d0ed47daa524fa90252329204d2fe8

SHA256
a196fb79c854b873b8f2a4ba01508b591f34b951f2daaa51392a6fb8ea68d533

SHA512
84509087e9efb8ecba428b5e362b3b1154f8698c40c9bda4cc08c400059fd406483e06a2c02ec993942401687f542f2ae78439c17ec9be00f9cd85cd93be6aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4c3128f51a7ed6faeac8194ef27a35e3

SHA1
2183ded611fcc5de0a3221a55ae22cc176605003

SHA256
0ff528ea0db4a26538fdd22f114a8a9cdebeab344eeb624e95add6d17d719c47

SHA512
098635c3e86654b5dcdb4474fbcf2aea754b6263e5eb02a573db43453b8f94e10b627f2cf726b9f726a3ccc5f0f80f28328d285fca12f59ac398040e87c4f70d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
4fcfad668ca551ba664f4c478784d9ef

SHA1
59081766967fa224ad8adf34176b3b9b47bc0bb6

SHA256
24e3795d669b249ee3b1a1f82d0afd954b753469f6b0edf0409aaf849b5603dc

SHA512
e075bca709d06834a030cc47118f5d8d4d2d0a2b64089b536fb2c08d8225bd68182169f5ef89fd1a6a1dc665f7971569776ec467ecc8298e7571e16f4eedbf68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
394e3d4988a44e682a357aeaf804d013

SHA1
25d1035f6ca8ddfc0b70e289bc8034fa84272f4c

SHA256
cdcc7a2f3e1d5c5d7fa48487ca532914ace4d524a694d8d7cd5795b2310cd067

SHA512
c2fecd230d3505f0a2fe9269b6ef503dd9a772094c521fba937cac96d5f526b083fbabee39bf691ab0ef5076456cd31f02a0619cd99ac235e851d429900fb192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7032e20ac25e6ab666c26082f028355a

SHA1
b84f4ea52bfc660eadcb45670ebf46b14d47c734

SHA256
9867900b60f9d13b2ff501a597ffb09d104cef1644635d8d01077c36a2ad209e

SHA512
d73a09de881ffc32474654a1a1ae8c6b83c259a17b214b6d5e8beec0b8579cba0172b583954fe66b87dd677ca3738324f962e4d7173345cb8f0adbee991dc3bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cbb76d91eaebe874f0f7a219c4dbd50d

SHA1
61df57949fe0484c410f9392c4b9bea33061ef3f

SHA256
412a2472212fd404a5306fa1ba177782e920d24206ff65eb76535d197db92f8a

SHA512
bcd9c41e4674b9e9646b9bfbac8b530d6f4e87ab14e76dbdcd51c10b44092ddd4bdbce2141bfcfd426c6e2bbc50b1348d4586585a4fe5d108df3ce7ab3193e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b76d246101cfb1bc17f2d52e9b76899

SHA1
23ac7237d20c2c643ed1a34e1b7ce5b3b9a343d8

SHA256
03753cf0797cbeff732e603fbaff91b086eb6b6379215f9b4adcb361ee706b38

SHA512
01251bede0e8e6f8ef80007fe32778e8f61c4604dfc8f68a57b42f9a449e75c605ff24023ba3ed3f947cfbf3196209d525dfc7f6d84dba2ca4f310a0098d1c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
702d1015bf8b9ec54c4bc9e188b29b01

SHA1
bf8f3b18f9b330e6fa6c95f024b9f2b0524e42d7

SHA256
f375951149b097b9f9afb748ac68a93cd42465c1c80aade586b9d0d90780c560

SHA512
601749292e0552fab62cb0542e4ce0f6a660417de5658c32fcaf14f8b8bf1dc91c7d303c1c2311db40f6ef22711656a2fd5936d2e20a9098ecb2f0cd3d14da39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d64f41e90b255eed34f8adb3238a3b0

SHA1
562d614caa2b07d36968c2eb0f6cc04e739da270

SHA256
c2ee895a0cb57ef885097968c2e4e11721fff9952ecb6b72b7abd359b0a0a852

SHA512
c58af1dd3a77bf42fe60d90b8b63be07ddba9f74272428e675aefb636907c81009de96d36b0d116bcf89e61bdc12e5bd1047a836ea48f7688f18fe06f39e6966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac3c680a0b80b4e71237da18db75e373

SHA1
cbd215e5192fc79b41c11c7f868dfe346f6fb780

SHA256
dd6999dd245a384888732c1047ac8c1585559b3cfae839a4f6de54c7484d3bce

SHA512
07cfa5c8fa7a5d056182a7f570bccd0956d5a5558dbfb49c9b5513781e60027ece958f936c6ec11dc38991d31c157d12fabf94707f1a8a5d4742e4f2620523d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7a004bd6b873dc701b091861dbea7ee5

SHA1
138de74b72fdc62cd90a8d0b78ff829ecad5529c

SHA256
e9a71bc2bbf942889c745afe2e0ec33c5d7d431cb1a91f5cd6971f56d98c8cce

SHA512
545310016ba1f728162fd54e1db587a902bf5153598de3084b927c98b9aab6aa63c9216faf67a8e7a1346260b4e28540f76a58501fbe8150d75ef2dcca68606c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ec0b8d5af517ebd8960758587d693072

SHA1
da4d464085181aa7309c342dbf0e744d167f7021

SHA256
096bdc5ef0510e7d90e5917c982be41fd0a2d71725e97c5a51ca0bbe837b9cae

SHA512
fc85f96ea99abdc0c5dfe75b306ea6d320fe150ca297f98e1bd9eb49a43ba20b5fcdeecc566a6d6acd4820c0b7fa2e6e5f6a5f330f7ab31f0ef93d1804bbfdaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
839e6f9e0a63a88b408389862adc8582

SHA1
8c38034f5884ed3a9ddad00e6361da811365b354

SHA256
7571b8e875350cd057bb3fb57ae7167eb10236bb1ee00b74c74261e5b9bf6f6b

SHA512
caea8e19b67e005b97ce06236c6854f49e5f43d2dbd0dceca796cad9a78f63371482ba2b081903dd9dd8f2f1260456138f72f0e1d2a790244e93e85b1a6d5680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bdec750d29b321d7f3a2982a90acf2cb

SHA1
68bedbdc2937d9fd8ef68c3e8159d488b5c132f8

SHA256
1a8e8bc3aa66355e2b54e66a1581e61f9ed8d944c1d59e8961fc2733a208eb39

SHA512
6522c2708c187df219a07d130538b3fc00215e49fab04f9f47bbb118fd8cf90978a6af28f7e26f8b618084a6c4663f91d95da8214d2f1e15d31429436bfd53e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b1a6ede03724a6b501c3a18f85a944c

SHA1
a7efea749d12e1e17f64844c64afb8d54160c9a5

SHA256
593456c7f3b4ec521bf548b7aa85abe6fc6bb82235c6663bf256638de2c04e85

SHA512
5ca82f21c715cd9cffbfebf72858e79e2e26327146d56131c322ffa576f91e27f93c7e7935138aa2010d72962e193895bd9338632e9f6dcd59352aefeac0df4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2aa459adf3ed4fcb23a0365c8dcdcf5c

SHA1
7b2b3b4937cba75cac76092e466d05a7da715dc5

SHA256
307734c1bdfd05bf3e692f1973777593ca051bdd9ad36f157cee10cf0097ca83

SHA512
de52d4e4afa1831fcd967e6fea049d2ef598017302f9a6173b7c68e909e5106e21450cd13a9b169e2d3f2ac6d4c8470f111df7ae797aa64533acd814e617b119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
075f4ca8ba301592d15cca83fca62442

SHA1
77b9af1d51fba662de961672c3570bb60522fe90

SHA256
9afa6345e2c0c80e6793a65b7d4e172f9a59aee1680a0ad9d1e96db3eb88bb18

SHA512
d713d3aaf02021fbef3c99743a88b86c4502400493bba0b069fe2bf3a2a85185b5e5622aab71c7e084110ae653145bb8a6786ef4267ca764a2d5a8ca4efbf4be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
db2b7fe9c289f5ce89c4d955b96a4c06

SHA1
91b87ddea8accd9a7b625390fab4052691625faa

SHA256
6ab833dcf52acfa78aa8f02534db47dc56d06bf0ae73ddb3cd0abf42693aa612

SHA512
215b26185e1a91f3e87a19de96f8d1a372e48ed52036a71b062f9de69349be7923ba8d03bb68dbe0e2fe730eb6e19709e85c3ffe55f4316838dfac5d6f5c890a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
78f1ff874d4b40e36caf697b5755df23

SHA1
fcd000294a35d9049e901cbd5996dfd4f92a0280

SHA256
7a1431da479a6dad9d4d7b6d61a0f49d3e25215e17dbb727f07e55720386d267

SHA512
59b501783a888a4c7712e09a6f1198b0639a7a471e9fac54a1d053e1b6091fff5501a7bf7519440fa27129645c244163908d82b8b05ccb6ccb533fe87868afa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f3725d32588dca62fb31e116345b5eb

SHA1
0229732ae5923f45de70e234bae88023521a9611

SHA256
b81d7e414b2b2d039d3901709a7b8d2f2f27133833ecf80488ba16991ce81140

SHA512
31bacf4f376c5bad364889a16f8ac61e5881c8e45b610cc0c21aa88453644524525fd4ccf85a87f73c0565c072af857e33acffbbca952df92fedddd21f169325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0f062e1807aca2379b4e5a1e7ffbda8

SHA1
076c2f58dfb70eefb6800df6398b7bf34771c82d

SHA256
f80debea5c7924a92b923901cd2f2355086fe0ce4be21e575d3d130cd05957ca

SHA512
24ae4ec0c734ef1e1227a25b8d8c4262b583de1101f2c9b336ac67d0ce9b3de08f2b5d44b0b2da5396860034ff02d401ad739261200ae032daa4f5085c6d669e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b3abce5cbba7aaf7e452621e49dff26

SHA1
829751be2ad50fd8f94c779c929dfbff5148cce6

SHA256
fdfb581ee103387e2ad5570797d36b3e33237f032f55ee54c62d20c330e8e06b

SHA512
db44dd0f9b8a9c244f2ffb0a8166a44e879b4a8d2f96c345c06304244f72f8bc14e91fd954cec4896c2fc1f72bc23c32f31445240a5e2f8cfbd3d76f644141af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
04919411795e48906c3a672269dd8848

SHA1
054bc6c58b48c24bd75113585d6579b1ec030587

SHA256
8461d44fd65c50f72990eba7e1bab48fea046e06b51f1e35c64aadc3f3de523f

SHA512
2ebefa554b58d7b1b73b55908f579714049d5c87a336025581c447c0976dddc532487e18baaaa96e34c960ce935398c3a5062c80de7bc3aa4cacc8866085641a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a4bd0b41e730aeaac21c7a3e32d66fc4

SHA1
96434ddb1c4daee303183765980fa7ac2fe3ecb5

SHA256
bc3b834b01aa9a9860b1a629f9f084af1cc786e4074d5260a49af80bc0c5c820

SHA512
6fa711c69ccde8d9118a8d88c86e8c388c5571cb4d45a8175b3434d82a3fce9ced5fb28a4d497845f0b59c50bddabcdddaa5e6b83dd37e4da4697c7947251940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
6e294fdfd820b2f872a26859fe9e0c83

SHA1
8fe9fc5b44bce2aac4947ed15014504907e2417e

SHA256
afc0a28208519a35e94bc92d22fe047bff0124497ee267aa7d61564150748190

SHA512
d7b1d1006f144784ca6bd421a9574e114a18635f0b34ed5c64c5797d738688ce44b1626bab4fb4e53ae1314a7585efaa1d6e5774e48674fb3825ca50e01d3f50

Download Submit