246457363396dcea4cc3d19ce2a431897bac948ae1694d3e87cc0ebaf2ea39f5

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26-07-2024 18:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

reshacker_setup.exe
Size

4.1MB
MD5

02eb693dcfb90a696d191badbcf314ce
SHA1

b1d0352c35d7da251e2fa19ecbe8c1e5286f898f
SHA256

246457363396dcea4cc3d19ce2a431897bac948ae1694d3e87cc0ebaf2ea39f5
SHA512

17b6a5f2446459c058bd035df784adad0e58aa7438a56e02fd75c593eb6bae82719b6293de6b1504e1089cade44b5e137771991816d616c08f92eb2c249cc159
SSDEEP

98304:HEagQkFrdGj3mx1Ijxkp3U3aVTISLUHBrIC0:9gQktdGCxmjY3U3aVTnIH4

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5080	reshacker_setup.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reshacker_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reshacker_setup.tmp

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664931670180259"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2636447293-1148739154-93880854-1000\{5F09F54B-E6E9-4119-8C81-CFBD865E348E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
4796	msedge.exe
4796	msedge.exe
2700	msedge.exe
2700	msedge.exe
3912	identity_helper.exe
3912	identity_helper.exe
4328	msedge.exe
4328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 5080	2564	reshacker_setup.exe	84
PID 2564 wrote to memory of 5080	2564	reshacker_setup.exe	84
PID 2564 wrote to memory of 5080	2564	reshacker_setup.exe	84
PID 1568 wrote to memory of 4936	1568	chrome.exe	96
PID 1568 wrote to memory of 4936	1568	chrome.exe	96
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 2088	1568	chrome.exe	99
PID 1568 wrote to memory of 4688	1568	chrome.exe	100
PID 1568 wrote to memory of 4688	1568	chrome.exe	100
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101
PID 1568 wrote to memory of 368	1568	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\reshacker_setup.exe
"C:\Users\Admin\AppData\Local\Temp\reshacker_setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Users\Admin\AppData\Local\Temp\is-7FJIV.tmp\reshacker_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-7FJIV.tmp\reshacker_setup.tmp" /SL5="$90090,3504386,870400,C:\Users\Admin\AppData\Local\Temp\reshacker_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd731fcc40,0x7ffd731fcc4c,0x7ffd731fcc58
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,8271700799710106699,4523299010232752276,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,8271700799710106699,4523299010232752276,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,8271700799710106699,4523299010232752276,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,8271700799710106699,4523299010232752276,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,8271700799710106699,4523299010232752276,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4648,i,8271700799710106699,4523299010232752276,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,8271700799710106699,4523299010232752276,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3756,i,8271700799710106699,4523299010232752276,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4788,i,8271700799710106699,4523299010232752276,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3220,i,8271700799710106699,4523299010232752276,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4556,i,8271700799710106699,4523299010232752276,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3436,i,8271700799710106699,4523299010232752276,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1216

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3200

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd812a46f8,0x7ffd812a4708,0x7ffd812a4718
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9795141948631878902,2956145588558550140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
  2⤵
  PID:3820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3216ed3c2ff5253f4b504d3562f108c9

SHA1
9602a6a54cddad7ac6baaa3d6f2727bbb1d6e57a

SHA256
a626299504d855b6d6dd1ea7f469ae6fe544207df282173c12603dbb8fda6d4e

SHA512
8d91534d8464bff4ee93b8f1944b5eab9ec18d2397e51e84f3130169a1db9503c70a496e8794d5b47cb1b91622a37db8f731973935153f23566fdfe157e388a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
250166f6c3127c49e4f97f9ff39dcf7c

SHA1
2aa6f11e318fa38db069cf994b06d04edc8e0b6e

SHA256
3ef07ed1b4d4bbf847652eab9667cc8908aed562f9dadea443b0b2a998fb77d9

SHA512
c02120db07600a6ecc61d57378a7748eb08ffabbb23e932871fd53aed44006f49c3bb3eb772bf0b5d4e76e4d73f56053412283a0b9837b1a71ef7f9d43b03a57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
00966fbbf6c6ed958ea05225f086477f

SHA1
9362eaee104021c1fdfecb68b414d6cbdbb1212f

SHA256
48ee439c9b42088c1bf564a0ee093a99a03b05c75709a254cac4ac4065fdaa7d

SHA512
0a446a8092251b32c9ad208fef0c6f1a7020bc458315a6c6f7963d65971958e1c19af3d159395acaca3f7e2d0ee57d3fa200ee234e36e28e7fe7350710429f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
44bd2a38d431048b8a1fba59dc1af92c

SHA1
37232834d923d101ffb96874ee528c81841d9d80

SHA256
bde8c9933a911127566b27e181a68b074d426cd28c088bcc797c351aa8119b30

SHA512
ba635ea1deb79c7e1267dfe4c47c00c76e01971b010d818a69c50bbf7b882a0b939aefe54e28bcf6dfb9db6a10fbdcff6086344532ce75f43eb425a06658addb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bb53bafa71d7a0e6ae8e58b1a2af827a

SHA1
6da173f4f7c94b2ca053aa31f7284cf65accbab1

SHA256
cbb9c68ca1ee0e5abe3058525bb644587ac6ee047ed09825a55c4a5987d5a507

SHA512
ea1760d06e1deb3e9291c8e91d1987d6bfa2b02605959f1c3bd66c3930b30eac4e4c17926febcaca5e1c56a8693ba8ee6241abb9aaa353d5bf2e8dee9f8e32b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9056bd07ac8a752afb528c95aea22687

SHA1
d752fa6500a0d409918c00b1b609bdf65f735452

SHA256
3d032b17357644eea0b7eef108d2242dcb170bfd22ce964b0f01e3db8d1c8c47

SHA512
271d365686defdbb01e214f4d1f63f22c6d4a2af5f8f5333790a6ea79f6adb6c0486fe5c0fa34a9ed31ced9d9c186586470d5402035796b3fd19cfe682d1f661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1693e2ac19677b5644be273a73b778c6

SHA1
87f421daf2f57a9d66562f98edfe11824d290a35

SHA256
7dbe59ff0405347616ea5f8b94b06d300475feb2319c1f6b80ac836c4f1ed05f

SHA512
ccdfebc050cddff030cf1dfc06ce3d55013a1899f338e1993c992e92f1f7a8c6d973b3c936da0a74b249a0bb688e2336c536040604fe2e688ace69a8c007004d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3743e5674766337f956349df968c8fe

SHA1
39baa2e55333a7dab8912705505176e985512027

SHA256
c6c197a90e59d9a44cc37ac22b98d59a284ed396cf23daa7f03a70191496d328

SHA512
692360f1f8c2363cc8b206f1a809d89533d053412400bdd7682ce63eb78a61deb2c7f57c6b44e026e3dfff23f826f3a2cffe3ce22ab5783f9bc6e2c91341b686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87ec6dec86b5a36352716f86e6b023d6

SHA1
24a722ad2b4ecad29b9dd44672ae6cb4fc43f48a

SHA256
66ab174b4fb85d1631a6a484fb6b18f928028912e7f0b28bf8355c92aed7acb9

SHA512
51511ec22f081866ff2d2065b5aae3a17adf531ca4ee6aef328b7f0b49e92165d5a031614d2b4c42cf963e3f30d055a7ebf89a63f837c71b0705ac798ce1042d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4c182fdf5c5d91e867456cceb2c2b207

SHA1
f6d5b5a0c50bbc2ecdc24cdf5f70dc8a97960d03

SHA256
78d33a9c0d48ac1ce92e4a69981e50eaa105fd0d0af478563100097960723c7b

SHA512
f909c01830f7b9cd08a5b89ef5669a3b4673eb15602a2e5287031d4f4e52e2e63d4fd01045e346d87e47de483b33817d19eca427d74c2e3e2cd048ddb3e55986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19a751b2cbc37a91edc2b1af0c847cd3

SHA1
9ee242789f101d0c215d06dc7e1e9fd9f10c341b

SHA256
b9cdfb51ed692e4837596a973de41b1967a6efe4cce610ae047e6cdf7436e9e4

SHA512
ef202e7c4231cb19010aad059a863d8e02f24a7b73f1252aab196d03ee0b1e789fd420e91132e6c43793fec3bcf9f40ecfb0f07586173108dd7d746f44602263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75a84f7fd45cccd854a51a54b6626ed6

SHA1
975cfde8a963dadbca6855ae897aaaf8944332ec

SHA256
03e2e9a463c802e573c954f270b150c91a5ea7b68b8920df6bdfc4ea3a8abe62

SHA512
ce364044a66b78510980d1ba6cfa3938b0475786a52dea9dfa5c8a50ea7dc293f1182057eecf2f53d0c95aa5ddfa195cc137270c1d465ddadca852a485c047df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
10797d3aece188073e79b63eec6b5dbb

SHA1
9c564ab0c28f336a9753074a60c9af28f076b115

SHA256
80c9ae4950aaa7a2abbe5f2cbc562ffaf75f271e3ad4a5c0648068369d55c83b

SHA512
27b73121fa439526edb266052508c3ae5921ccdc82d35c007ea11deda534f0dc47dfc24dec5cbd745d5b9ec8743f75429ec19e26773664ebb748d8427496e768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
e60fe817896affbb51c036c39cdb6d04

SHA1
bac9bb9a545bfa4ac61e4ea7af419cadf6e7d8bd

SHA256
c89d80b0afb99141a645556bd6cc557621687686e7e47a79b00007726d8c90c9

SHA512
d6e5b8835afe549cd2d86ed502d171b3fcba93b164b07c1401d4f428a14e19692745b8063d581a229aff3cce759c298852b16b90e5c81dd6c8d759c7e39656f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
36aee6a3453104e4f5758467790a362c

SHA1
8440e405654a868434b1399da75214ca270eafdc

SHA256
aab8c2aa188c16a1208b5c799bf5daa538d11d6727aa1363247e928f8fd28491

SHA512
06b4dfe19a866f8f18e55bdcd44ea0a001e3beb736aca36454cc7122f21ebd0173652f04c7041ebcd7d9ca2289e3c725ceae86cc9ac130d39c21ef761e3282cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
5eb15c63213750e703bb1ecb8bc8b538

SHA1
a33d8e25b017d152a0e7fca7bb3c2faeeb176d4d

SHA256
5bd603276a0a93bd307c564da5cbe4647000f8f3e91e6ee7509b1f4bdc036a4b

SHA512
fb70918918a4f6adccf010e89450139d7be82451cc37b37bd3909173e2ff7a9398d9e19d16c8fdc247dd1da9d73b81254276d0ae17e9e43b5438a75ef5d47378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
6debf178e9c742db250273109a235868

SHA1
f6cd0b9909da5330b79fbaf95d9774d587550e40

SHA256
8086e121082d39f60283bfc600f5588ebf476f37384fef7d8a02c3d33ea63e56

SHA512
e44c2652b062ba413d2f8f71ecb9485f963e2c97ddb0020894799b28a89f8b39d26de1ddc0d5289c78a0dc8ea0e55f8c19d12b6fbb514574dc483b99c44d1aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
7641a80b3ca2bec272955ead35145995

SHA1
8e3d61381786090bb85e45d156938bbabb17aa0f

SHA256
8b712d8018f2c97283d0264ace2a982a627e050d0b428597a6d31abf78db7d79

SHA512
c96df8fb697d229be04d06569c2dd0212b2bca6d1e4656000433175969afd0bd05e667a61328ee47b1fc4f359a2aaaa9c31c930e8ce52f1f8f958aee25e9f0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
d20f500f9e4e8bc3fbf885d3e9036b32

SHA1
8eff61e7789c5bb7564be8cc3225ff10393a30b1

SHA256
088c9b305f64ae73af52bec73101e6bb1914b8e0931cd1d3aee8944a3abd18bf

SHA512
4d85a1aa21fb92d51bfd01a104c847f79e4c14d4f2202b6c14e6275f05ca699ecdbe56bdb7c556f8a651832440201bda80a7f1e3c11778fb22c201c9aa032642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
23KB

MD5
a565d123eba419617a9706d6aa1eae66

SHA1
3fd2aef63d977479b72d755464dc8ce4db6062fc

SHA256
766cc779fe06ca3a736ccb95a5b8d091fa09f39767ddad5c7f73e220e0c9494c

SHA512
bcb52e0b7b92877a8fbf1d03dd7694a3742330bad9f94385c1705efc46870931dd13aba9b3afb0ecaeca4f189e18f68066a31e123f05c2a2d171b9d6a866aed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
101KB

MD5
0678d7207ae3ec2e19ffb24f79d4b0a3

SHA1
57673e8dee1c6cbfae31e8470d229a6928a3f919

SHA256
2ec8cde3214c232e2c00ef6f4431a991c2124979a1c3bb6aa624f2055126464f

SHA512
1e7ff10fcf060d44d60706447e0721763593103a4d5ae054e2a65402dcf525804a9b580c5fe6f11b0efa905a152d5b053e679e92edc3293b95ff4171050f01b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2a446396f43c5811ec33ab314536da2

SHA1
c6d4ce1d24f58c88b94946e5c9f4a0b88ccceace

SHA256
db1f84fd82741bf030cf97b1d88bf9dfa177d7e406d5e2918d80c013480bfded

SHA512
43fd84f01de194713d8912cdc42a3dadb087e939c36564ceeb763caf37472544f116858c56a00364e3d9387c91dd06c16d7f0bfe462f8300731cc9aa75a1e46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2250aa8a8c8a843590b69c1ef1444aeb

SHA1
ce4952ee2cd50b693be81b521c7faa0981d25659

SHA256
e80cc3aa60374343b2ade81b71d8e951dd40410387de6e0e021e454239954518

SHA512
54525a9ae556111e7ecb0fe505324ee6477d9a75665194d6eb02230074bcdefccc6175597bda6039ef5e2364a5afd6ecf624f73bdaf1bd6624d0701b113eea46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f5e82f2735cef43e42d46a81fd7de2f

SHA1
b7fa2a64e3da068a823a741403b7360c80d5e0df

SHA256
be586752c7a9ae1c438605747463bd252191f024af13ecd1217b5abaeba7fccf

SHA512
b653076c95af4a2398854e91672bd0e5816e551744850a49a5d35807931d7d8c04f97685ecf5bdd3ddbab3436d5d1bc38df0573da8334e8f9f4624b68a90db33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3518d0469f906ac42e270c5f3c2b2db6

SHA1
8caada7ceb59d18d37dfa19e32b1a53fe505a8be

SHA256
5e346a8ddc3e1461b4b61cc8ff4538b637cf05877d5b80f282a80c78998134d2

SHA512
c6c04ef1bebae7510a7591035c8b49e22ae61bb875b7f8e458715c580543f4281b16d72354730d74cfcb85561068a4a79d7b6a4b5591b0b548a24de8c1debe9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c04625a446753ea1ef2e9971de0d8e09

SHA1
8cb1e6c9a1dc7a61fe15a9c195d9c8bf97e6ed0f

SHA256
70e4ee1bcb99162025c3295a8b18ee0188ded1f96a289d4b30884be430418463

SHA512
f7037b6da4db167d5555ae8d8c999a2cb8ab6b21c2a0f8cce1e01f4b51da056ea152787d391516356f68fd98604d3b29246ca4cc27e03dfeee94cc8dc6844efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a3afaf70620ce9b2cc8acaf9dd5c7cad

SHA1
3695c26480a5238a2b662ff2dc5cd0a7cb6df284

SHA256
edf46b7fae05f8fdd11dad0fe81d6bbdda9e9494085700aa1ba76663a60b07bc

SHA512
984ec21700bdba05a01a49f7765767c82356f183014d46af0fe47c040da9176eece3e8d9ffe2697b1b53be7a5f4d5af6f7b29a8ba7887a4c154b49ae242754e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
043616aad798f77d17ff17722c6d5e55

SHA1
f5df2594e62c9f066d3e42749f4a9316f0104a57

SHA256
9cf0516060418e002d15d7521de03d475b3a318b0ef6e849361b4431de7956f7

SHA512
082666cc3cd16062364d5ff41729513afdb2c85b9e1d91c8d068d350fbfd9ec530e47421cfc39f1699211e0932cc7e27149bf859da31b640878e7badb5209480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599c75.TMP

Filesize
1KB

MD5
049d994dd3e0c03a82928e7dbf6ae3ea

SHA1
05aa45f1f385ecc1496edba0d961d0c29cce1fd8

SHA256
b89a8989f5823a7afc00eab1f06859148c261775158ab7c470a63b116d07caec

SHA512
14cb30c113a44141c3e24dd0a96c6e97d3d12769c06a4e14d558c24020d3108b28a14b16ed9d8e44ca272601a79d4d4427abd5f859be5dbb7c41dc175be0246e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
650119acfa0912c9ac2fea03e94eda8b

SHA1
da9f1c2b03bd0d1f2e9e90f93d957c7f18ca1975

SHA256
0bd232351a5bfd53770ca445e99f091724c0cfb7cd8c948b1546698ae42b1576

SHA512
6d0a8086487d85782cdde9b5a6ee87edda24dffc51fd017b49c7fd808234e324372020b3753b2dfd74f2ebb371fe3c5b40fa6b2b5ca85fe9ac5f2da3b4dc924d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7FJIV.tmp\reshacker_setup.tmp

Filesize
2.5MB

MD5
c5cac19a48b63987b767c8ce36a09282

SHA1
899834cb9faa1a04029403085a761c5a2aae0045

SHA256
9aec7890b56a86f175957b7a99fe57ce6234d16995e019d3008a5d599fdf8e28

SHA512
a796cdec441c82353fc160d92af14ade268172b7d232c8f1bcdd5c807b7dce3c4c4cb877b467446b54f058b0bc4219f82ee99df2851d83d121ced2b3674ab1a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/2564-0-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/2564-11-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/2564-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/5080-6-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download
memory/5080-9-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download