4ae42054daa3e68d3d320cd189d199124a21d07a08680a9bd39e5c86f223f5dd

Resubmissions

02/08/2024, 18:51

240802-xhrwma1alg 6

02/08/2024, 18:50

240802-xhcrps1aka 6

Analysis

max time kernel
149s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/08/2024, 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraB V13/Bootstrapper.exe
Size

795KB
MD5

365971e549352a15e150b60294ec2e57
SHA1

2932242b427e81b1b4ac8c11fb17793eae0939f7
SHA256

faad2bc8e61b75e595a80ff2b6d150ff8b27187a8ba426cc1e5e38e193ab6d42
SHA512

f7ba1353e880213a6bdf5bd1dfdfd42a0acf4066a540a502e8df8fec8eac7fb80b75aa52e68eca98be3f7701da48eb90758e5b94d72013d3dff05e0aaf27e938
SSDEEP

12288:GYa9sBhIBdCdbX1USoeQDj/VNpA+dZIznBpGTEy:Pa98hIBdjSoeQDj/VNpZdZIznBpg

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	pastebin.com
2	pastebin.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3761892313-3378554128-2287991803-1000\{62EAA155-ED1C-4470-8F0F-965AC5E49CF9}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\a.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\a (1).htm:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
656	msedge.exe
656	msedge.exe
424	chrome.exe
424	chrome.exe
4520	identity_helper.exe
4520	identity_helper.exe
5152	msedge.exe
5152	msedge.exe
380	msedge.exe
380	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
460	msedge.exe
460	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
424	chrome.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1168	Bootstrapper.exe
Token: 33	1344	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1344	AUDIODG.EXE
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe
Token: SeCreatePagefilePrivilege	424	chrome.exe
Token: SeShutdownPrivilege	424	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
424	chrome.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 4800	4000	msedge.exe	86
PID 4000 wrote to memory of 4800	4000	msedge.exe	86
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 4436	4000	msedge.exe	87
PID 4000 wrote to memory of 656	4000	msedge.exe	88
PID 4000 wrote to memory of 656	4000	msedge.exe	88
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89
PID 4000 wrote to memory of 2308	4000	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\SolaraB V13\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB V13\Bootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbebce3cb8,0x7ffbebce3cc8,0x7ffbebce3cd8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,3639582039066210275,5496430805873134747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd9e8cc40,0x7ffbd9e8cc4c,0x7ffbd9e8cc58
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,15082076946844819195,2921749894443855837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1760 /prefetch:2
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,15082076946844819195,2921749894443855837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1980 /prefetch:3
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,15082076946844819195,2921749894443855837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1560 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,15082076946844819195,2921749894443855837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,15082076946844819195,2921749894443855837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4064,i,15082076946844819195,2921749894443855837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4304,i,15082076946844819195,2921749894443855837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4544,i,15082076946844819195,2921749894443855837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4796,i,15082076946844819195,2921749894443855837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,15082076946844819195,2921749894443855837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,15082076946844819195,2921749894443855837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4252 /prefetch:8
  2⤵
  PID:6024

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6709bb69-ef10-460e-86f2-159eba364761.tmp

Filesize
8KB

MD5
79fcf351d31a6529261f07a3adc66f39

SHA1
1ff950003cf627a93c3121bd8adb78115d112c82

SHA256
bff2462925778aec7703cddc6c57cad6b34ba2012000503514d240dee416a345

SHA512
05c87a26bf80b3438cc65332c1f5453be69493514e3a2e06b5cbf3403795c98b5340c3f10c2d31e91c1a4d77371f6e805eef6352562bfabc2638665dd820579c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f6a69f5a85a5983412fcc67443398b2f

SHA1
a619a7e107b9c40dd266bb589549da333b194685

SHA256
ed729d5501396329a9009275547dedb40cb84ea048a3645e78556e36a523a6b0

SHA512
f4f407870edf147c132a4baa4a56229904dabd4fae82652ac3e05be5146ae48bfc8d510dc28a93fabfb6b55782da40b2437f4f1d515f2ef3da9b9a0510aa50ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
59c248df7da432efbe98f0141a7f003a

SHA1
79963ccfc06524672bf7796586bc0d481bc4aeaf

SHA256
31fe5c0d81486485067f2d0dd8347de230703fb3738385c8257867e5ca830fd9

SHA512
e8145aefd76e2625f450882b06235140c0bb2a7401b77eb0e57649e81b32ba150ec935166bfec10e2824692648b82b296630e1409bca3fc1649b7945d5cc609f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b5f90d29de10f52c064fba1b1d00817f

SHA1
a5c96428e5893124b77bff4f8ff1de069e668097

SHA256
55230917869584fdfa9c41ab23c99c1bd152cb4229128db13bd693f8e41c73e4

SHA512
d5428339513d694750594f2820068898a3b4cd7bf019defa33cfaf2284e2a4d4e74108f0dc9a96a81680282570da5920fc789094e4d41ebb307136570c668a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7046d6399e171b9b124bf4aebb116b28

SHA1
81322d847f6f4b965bc0a020b0ea6a51a0ecb6df

SHA256
39e8e96af9da4199e76be3395f9ef0c932a201b0e7e2e64015ee818428534fbb

SHA512
b793cf75e06c95fe273ecdf347d31673add2bbf855a23a372898d88a5c8238e1e83ea6dd6e69a24c8922235f6f41ed027f59836165e3245ba76517211350bb75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0ea0d0efef116e08bc535ef4dafc893b

SHA1
f7f09b1b776d2416462cf70fdf11cb7f1c50b92b

SHA256
8f226a935b18bbfec9682412398f89274c7a00fbbc6ef570f49de1d862f3263b

SHA512
70aba233b5c867f268b05fde4bfea2afd4e6353dfa3ca455bbdb88b179eb2e41b2e8394e29b0a52733763ca1815b3e90e4fa841f5071d048dcc719c232c83f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
209dc79e92c4ae5552567638d56db96d

SHA1
22eb6c724602ab1c4fbd0f8a9899a0fe66b6ff2f

SHA256
a7bfeec14f31f05e17551ddec211021cd4013970ede55afa3c9ba794a039322f

SHA512
41123baca7a9a72f9f7ea0f214c4f043cf171d1860bcc74ba194a188f67f10a283f5854231d70b57110b59dbefca9f08dbfa70d6d0198b524a35703ad40d743a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
70576fd6d980dd6631f5150502fdf47c

SHA1
79f096d6d359915c83eaf9940571f03ed0a637d6

SHA256
91df695f6f97efc9a3e7f23f561f22e03e51c0af5778a782acba85d6fd06b117

SHA512
c082bdef249b9ced147c3fb408276e6728543fc0c76f69f5a7e0dd0c80f1220d2845fca65e14cef61552babad47611b355626f36ce868ec7a8e213d450fdce95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
c1aaf9854445b851138e2034c2096595

SHA1
20164a739e217084ea5fe974734b546d2322b644

SHA256
e32409b0867c8bbf00d6704a3a042d634962f961e67e265aa42bf502572309ff

SHA512
a9cce74b0162f6ca0d0d55094e846bca67edc10e3b441c7e9756f099208381b78fa06d57b19eb0344a63b450b6fe4b7973f571d621c8dcd86fe691fc9a7c093b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
3d495cac2111bfeb9ded706c41e77d2e

SHA1
0e2c8e56285495c6a0658cedfc1fcd47f9c7c0cb

SHA256
bd50c51a16a02cce0b13a5a2f805b2c2d9e72c4d68a256ae77e7cbda34fda96c

SHA512
d83687a440e3748c8923cd3d09d5bb655fed844a206f1363fb7a68d2365d8caabe806a933e524ff0b2e47195c1eed73122089b9dfdc3c4b1ca494b9aab95869d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
228feb8eb04ce33d7edabc94c7a4ec1a

SHA1
20ed1d3c1ba44e635040b6c6c4abfed9059ab1c7

SHA256
839f4e5fc32cef3af07c351f4a04e74397286ac67f5e59b64f2c2d529f068cb0

SHA512
7209103e5ccfcb0bf5fcdd0629e66feb6f9fe5c29cab52b7e1e6f6a442758a8df33db462422400f4404533a1bd42ea44527a07a441eac7809aeeb57a5e177a0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
3c5db665f62c0a4b17bb2dafaf4dccd1

SHA1
634e59002a40c5482ac636ac575f9471850ae4b9

SHA256
c0135eaaf20f2d79669602e5931fdc586e094007e9b26336a081b5cf59ea165a

SHA512
3d5fc35819525681e80966e0fa73c5ea10161d6a5de5d572bb569a8f823efd806581c47b114b53b7aae5699674b2ad1b8b489840b7750a405f4d681c842bf27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
adbfa9c51ce68312ab2b0a868bf28328

SHA1
56736baf8706fd63e5f5315ca131a9877cafcd58

SHA256
cf685a858433c433d5a4afd7ecc2b94f29ea8ce49d37904450209ba0df57e6fb

SHA512
f3769fddc4ef13322e6b01d4bc0bf902ac40ec412e6780c6dd049ec533a74d4044334ad928547c1b4e2040557b321d8ecf04ec2be46833776ace85f94a5a4ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db1dacae9540e883ae83489b18cfc326

SHA1
ec3b68e635d8ce3bdafe258bca5187536d43065b

SHA256
3427a8a3b4868bd25a231ee8fe0ebada0b3474f2d8dc0fdd01a8931a8700a37f

SHA512
2e40df3bd1a045c69173f1a169b7080163de8f62a44d41d46c28f1643943657c532caa72f65b44a2175f976fdfd3d8328d989e011730aa851aecbcf02dde4a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04aa3f476e468ef3c0866e8dedd8f6e4

SHA1
1e9fa8fd586c03447a4c5b4cee261900e9f464ae

SHA256
87b74207d65f6745b38a19dce13336ee839fb4d7929fce446c3d1177aa80c42a

SHA512
7d860bbe9c847ea0b60f210860d865f1e936aa2210a6f9aa87e9fd72f992a022ecb9a1827212eb9b97dd7798540770f55c67362714d90d0bfd080ad1e5e7aaa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5bc8d5b8-b01a-4f82-adc9-ad2672f3b77d.tmp

Filesize
5KB

MD5
a22b1424c604505d8c35f7392e8ab6e8

SHA1
96b1f4dda6fcff6e1c0815c724b45c82ba179e54

SHA256
82c36958980744a5507e968ec440728ee1e00808843ea20a6a96727fb25ca566

SHA512
e3af6a8e020e55e446e88fd2d2eea869662d32c16bf745f4d1b98ab570b7ea8c0076d875d891dec4c2c2b9ff3750556f9794ec7f4ffc37487f571f4f2a32cf62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
24a806fccb1d271a0e884e1897f2c1bc

SHA1
11bde7bb9cc39a5ef1bcddfc526f3083c9f2298a

SHA256
e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85

SHA512
33255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
fdc0fca51c36eb5c7ce307d63de232a0

SHA1
5577debd68e0d8a2e0255fccce1898b759ca8827

SHA256
d530c57d71325f2866ce0cb5bde0e2a62dda47eaa4661cb0f466ae94495bbeef

SHA512
6458c32a7938df09fec6648914e9034ea84756aec2a906260001f9b33a841357e4c3bcf432eb29842d24457055d81d291ef23381c09b40c95fe46ec04ce28297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
62KB

MD5
f9f305e10bd8ea1432b9fd1d355ecc90

SHA1
934ce6d59f903d145519d1066bb574c82a25edf9

SHA256
01d35e181e0a373c0fae013280a79616dbb1fc2d2f892b3215c941c098e0c9c6

SHA512
9efb67bfc44f6c31137e0387bac74880f9b93d3645837805ac6ffed7e7fad5be7c3812cd11c9172b767ff4cc258fa140663c33892ba8f28ac2ef7686b3bee0aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2c738506480363e109e511be1bd3ded0

SHA1
b239f00bfdb457316a0cae1ea849edb020d29303

SHA256
a1bc90eb95a31400cad2c7a87da65814a8a562cddb44e16a1eea3c5b165bc1bd

SHA512
63bcec5e951b1867a8b2f4ce34c685ecff2c23381e53c35ca723d945dc7518750c3faf465b6ce635a1ee71ef60ea7246f372bd2f10a3b1d2476464ef2a77d6bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ac291a3d09ece6b7ba22785b4b59cb3e

SHA1
e25b18a55b20b3d96c30e80a1c8c36b054d981ed

SHA256
562e9a68df76887e391237d64b28671846940ae3bb87dadf46442bbed5170ae0

SHA512
33b6929a5363b41e5ccdcb9434accdc9a5aee854e30e972eee2840b99ab26084f858aca7465261add8d2c9e0353bb1c2fafa34c7fd079f74a4d3d3b81b4ea78e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c60516e72bb8a74c97e9adb1fbc6f972

SHA1
e9ac983efb41651bfab502adb091860f493d55f1

SHA256
2ebfde20b4218753c1264168b8d34b0eda23e96529aa0c22c988f934bb006943

SHA512
8c3a17b80efefad9f01fd7540f3a4f0003ed9a80edbb82d3e3556dacd3abdf1df1ed5d68a70ffaddb67ba9cecde21efa31808d8e5159a61adf19e40b592b4288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d9f800a3605a055ae4a64ca6a7af8745

SHA1
7782e67a5f97a1aa317744f0fbe5145bd8c15567

SHA256
5eb8c418aa7c7d144c2404d5f13e55aa8883629da554cf3f139272fbde137ff7

SHA512
b7d41bcc71a180f5ef7c917e3559f0f54cafcd75cd3f73df26deec90089159025979da79e695eef5e25b05a9aa817a256b9374ad86283b3ce1848a1766c6dba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3de6de9eece70c3115f7033055c92a83

SHA1
3eda6a6973c6e6d040f3582d1abf9912570fb2d2

SHA256
76758355cea0f5c2786aa12dfcd2c13cfac7c5c9a82c8d2aaa9f393ae3eea547

SHA512
524f5a0e060afd753efaf444cb2df3cafe164f9dc3764b227a3bff45ec42d6bc9153c702d2b3383ca144ba4417c4e688b90116ac5052eba8f240cb53b627a4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f26000eacf855da00ac4fe6108deca7d

SHA1
d4b26797ec588cae552d171a32614a125a6d4872

SHA256
88f87714ac56255e3cd4216f85f5e05bbf5804fc7ad7cc8ab1f1e6a4a85b6891

SHA512
25f2c2d60fcd35aad246f9d72594bc25fc1dbbce89dad796d306073f27afff0c103752eac985c664f16f99610ce7f6938d113e81653897ad34d78986be5c3385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
49e360486a373adb87e38701890b7d3e

SHA1
f6349822678a27b8612e3b61ecfdd5832bbb0aa9

SHA256
d0ad9f70a90c73bcc6367550eb6f89a39a4125ccdfb19cf103f41326fff67d49

SHA512
768e587dbff6c5594264ebd9325785f26abae7705f8f64bca33675d227c6eed9b0b6917c7ee48aabdfd51fe3286a2e38be9dbae8557823742e23611a40073045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
a34680f8b1266e2832acacdd5974cb48

SHA1
8ed0a05cd9bb03b4990ba77cc79662cacb1e9700

SHA256
cebd372ccf5372c18ce3b746cd8dff2d0e01ec59542d1b3079887f9a8d1d1c21

SHA512
6e4739b7489525c9979dd92f7c480d9574b4215aa92f65edee6e5db9aaf555d9c0ba578d6b6ad92c839648060157967e97a16fdb9d66ce173db6f7c82dd8562d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
63f1f6b072d3c16622ea3f049d0dd262

SHA1
c86f1d120bba520cbfba3b9a3e9858639cc7758e

SHA256
2a95d084d8bddcc3bed2e6cd85a9f0951886c13063ebc5e1d5fc81b713de6839

SHA512
c0995f475a296100dc52fb4ce2efb820b7be419c2f4ab55af2a4be91c1bc69f83fb2ff3426c315e801e1f6340ffc3fa515ebcd95fd8cc0e12cbefcaf9c834445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
d262b0bedd266bfdc011a79d2ce1f948

SHA1
bf7bd0500301fa53dd78011f8dd877e25ce0e41b

SHA256
9781a5a7e8465e322592a9e0bdcc22a6a8a08876f4e756f751fc782399234330

SHA512
ceccb7e3a675a8954b9f03c292e137b8908fa48da52a321fd2811689b7c7c7ff060222d40c370ff5cd9fe8f6368ebca3969aeccee13895014131831652d81711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
71e0e4d488c6128ebf0098e6c3f13fb1

SHA1
9de9e3cdfcfbc60d94a337cfbc9682614ca30cbb

SHA256
69f123b46d4c14da1167ab169fe8d6b19443786a93a64f8dca71181bf1b2b699

SHA512
26aa4d310200f5df5ace82f8c6a34aec5387574ddb5ee9c23ca409a904e0a37109060263295056a4065f681923e2af2285dcc14d6f1e135ed58ffed98b93a735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5910a0.TMP

Filesize
538B

MD5
c9a7152542188010fc041802870599fd

SHA1
6dd1c25499a2f38192546a9adec924e3ab1f2170

SHA256
865a500c03982e38cac28cd8e5576b6c43a28e9ccebf17ac79696718e3496b1a

SHA512
574ca16da59ad289d7685ebb6dffe725c6a1b1feebef39506c6d1f6c9212069fe5d438ca4082e1ee2c12e449b280c6aa7726c78ecc7ddbbc509455892623df9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0eaf256ff0684dafa2c21cafe71e4c6e

SHA1
7c83ffd12f491064fc2096cbfccfdd0d4848d552

SHA256
57ffa63ba8e98adbae930bc82924ae139430cb24f9007d9483d8a9b8c53d88f7

SHA512
7b5200daec3cc19852f2d36dc3c6139b9fb25106909379ebcb0420db1d26c45aa1434029764421fcd655673312fb1b86a0e4dd6484afba04ac012bf85cbf534f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bb5dbb6c1537d62a7ea2c7630d3b7cad

SHA1
caaef441c2a3612acf59c6efb5c0c34c9e4ab4c8

SHA256
d0fbc854aed0ca7ea291964b6f18bec8e736d6c7fbe4687eb82acd78931df314

SHA512
97d11537cf7c91eeb17add9b736adad4e202f51e634a1b8e11c8024ba9dcd973062ddde33dea7fbc0c5b774c907c32fdefaa6251dc3659a799bd931fe37b5326

Download Submit
C:\Users\Admin\Downloads\a (1).htm:Zone.Identifier

Filesize
491B

MD5
4b0deb39a5361bd2c88cae64c3dce7e8

SHA1
6250e3318de9de6b7f1a1c62097e43c50cfea0a3

SHA256
b1d29a8c6b9b8957d4b6b5aaf0fb11ec4236256d1764fd2e8eb5eb80ce9801f3

SHA512
ebdc3b8edb076ac4c99085bf88821b0eb2fb58e6069ab8c224f4f9319fcf0816414c642ce5f69dc6f023fc3d6fcdeda298c357cabf7fa4e09e5b6b725f7be2f1

Download Submit
C:\Users\Admin\Downloads\a.htm:Zone.Identifier

Filesize
491B

MD5
1f2b2e852326ab1acb88d5ed6d2f3f50

SHA1
d2aa019ecf066ada06751a2c3ea5647e8b407d26

SHA256
450a754f38b35826e2e7d9e6466fb0ec8b3b25aad85e8dcb7e68415b0258cfa8

SHA512
7dbbd48a60841bdbf23d8620ed945ea43ccc80bdaf3a49f156e10e074e026271257d5d800a9b3b9cb18fca1d6f03a2509bf63f5af3cab5dd05680fc090b3453d

Download Submit
memory/1168-0-0x000000007525E000-0x000000007525F000-memory.dmp

Filesize
4KB

Download
memory/1168-1-0x00000000004A0000-0x000000000056E000-memory.dmp

Filesize
824KB

Download
memory/1168-2-0x0000000075250000-0x0000000075A01000-memory.dmp

Filesize
7.7MB

Download
memory/1168-3-0x00000000059F0000-0x0000000005A12000-memory.dmp

Filesize
136KB

Download
memory/1168-4-0x0000000005A20000-0x0000000005D77000-memory.dmp

Filesize
3.3MB

Download
memory/1168-81-0x000000007525E000-0x000000007525F000-memory.dmp

Filesize
4KB

Download
memory/1168-84-0x0000000075250000-0x0000000075A01000-memory.dmp

Filesize
7.7MB

Download