54f8f38b93d86146475b8db372afa3c88c09508ae43ac7e4ec37ae08a6b9fa9e

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord-Account-Generator-main.zip
Size

8.0MB
MD5

11ff0254188798e2381fb32bf6e83b1b
SHA1

f6808dfd3f48581b3b4a8e68125fbb4630336a64
SHA256

54f8f38b93d86146475b8db372afa3c88c09508ae43ac7e4ec37ae08a6b9fa9e
SHA512

c17030ea47a1d96da41af39bf921da02501cbd60e382a1dba32811416842de3addaa074ba3504e9b6271b9761633f945a66a8ef8a608d4cdc687e2e66aba3328
SSDEEP

196608:zlot13xK0LzvqyH0dMYQ8KM6SwhE+kFmNP8DohNZ3m4i3e:zlotRw0PvqyH5mKdSEE+kFeIohX5i3e

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
32	discord.com
30	discord.com
31	discord.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674631147326182"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{459EC03D-D77D-47B5-901D-F42DE199D8B6}	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{00526B4C-2999-4473-B251-7FD4D06CAD64}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
760	chrome.exe
760	chrome.exe
444	msedge.exe
444	msedge.exe
3668	msedge.exe
3668	msedge.exe
3468	identity_helper.exe
3468	identity_helper.exe
5580	msedge.exe
5580	msedge.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: 33	2612	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2612	AUDIODG.EXE
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 3424	760	chrome.exe	88
PID 760 wrote to memory of 3424	760	chrome.exe	88
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2908	760	chrome.exe	89
PID 760 wrote to memory of 2452	760	chrome.exe	90
PID 760 wrote to memory of 2452	760	chrome.exe	90
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91
PID 760 wrote to memory of 4944	760	chrome.exe	91

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Discord-Account-Generator-main.zip
1⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff901d8cc40,0x7ff901d8cc4c,0x7ff901d8cc58
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4612,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1572
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7c9334698,0x7ff7c93346a4,0x7ff7c93346b0
    3⤵
    - Drops file in Program Files directory
    PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4676,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3516,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3392,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5308,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4908,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5692,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4040,i,8638762676608942987,9491618958818535481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5204

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9020c46f8,0x7ff9020c4708,0x7ff9020c4718
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18359970304186313041,1431897122173204435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\82361b20-1b34-4df5-9008-092700d0b294.tmp

Filesize
9KB

MD5
6699d0eafb6bc8c9035a41dd110ef90d

SHA1
4bfe8b813f518d240500887b45d3b0ea6b57a738

SHA256
8c20020e73410c3ca436c4f691e2910e2353dcf80a71ebbf4a19ee991491cdad

SHA512
981a40273b6f5cd60df297ea557c5dbb2dabee1c216da03d73f028dc0e778aa8ad5cca34d320091c245a81d6d9a70d19fd5cb63f2368a4f6ddc654db4f25fab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
985d398ffd096206e23f048f4f25675d

SHA1
15ab72836f4b3c9c6961b74dbce7d346a3c0e380

SHA256
2d7a82d90f3188ff384a6e59ded616a1bdc9ed0e19fd54031c2fc79fef598884

SHA512
8973dbe681f921fbb7112444b6f29ea1af9ad05461b27536f6674fc4f2e81be5ef1c450f78c880afc0dddb707deef9a43ab00758182cf29b4c601006b31d1147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
360a025f081f44f76dffe3b043b5d03b

SHA1
f223f767173ccff0828eeac1c6cb638e26062cf1

SHA256
95799df0a6a82c90fcbf7109b216d8765b58e15f3175a7ebce2a217d2f82f22e

SHA512
f3b437e4739ddcfcee0592629feb873bcf592eba01b671e9ff68d42361657df7a4a520ab782e1568983ce5d2a0e9828321c043124507bde7835fff41841fe2b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
217e67350e9bd15ca2c301c683caaa16

SHA1
b701bb202fb5d53d127d00ff641596c6b923bf7e

SHA256
58632040f75f82f2bc26969c8aa0b7fd82f25b1bff4edfc84990cbca035ecbe2

SHA512
4d4fc9f3b1aaa6f5b582ce40fab2e6f0e64712c9c6fadc6d2228108808ca9ad83660b366d89e8c8849665909e41a73eae810bb91c84ca4b65006330d087b845e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f7c2fda623f7a2b46f05b589b80892f3

SHA1
162859db4416bc362931b185ae40ba6528d48adf

SHA256
8c8382fb25e16e38d694c5a9096f414b1fb08ca56bbe9067bb288a90c78a79ff

SHA512
ebd7aa153bc44d6fa92ff41e55040eafc0a94e41dacbb3b9bd28d724b7abd0091e6834734dcc98de0ae5f56f49dc1d25a64a8fe827229547079b498fd32d6318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2b8409844e3e0434bd24039326f66953

SHA1
86674975f623d069143c2cad8e6083efd94c0091

SHA256
258c04d3bb715c788e40f21a0203804e56207e5b12bc106fdecfa00797df4e60

SHA512
993a9751286420ddb928e7a6b55f27f1dc92dcd8d8a7237ce36809dcae3061ad22a4c77d7b812d4ff27ce3d0c1213cf0b60ffb2b2140def96fc2056aa058379f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
09c9dcfc99511bc47237b9157657d931

SHA1
cc7b4e8620c2acdbec209af2e520a981ff244ee7

SHA256
8ab81155615daebd0e2a19e5f8dc7409d08f12df7d49caf74b889923d6c8fa89

SHA512
e065428cfc17ec1f3cc63183f2cde742c78e25d90b0ed4db7f72b0ca275692295feed6ef1038262a092caad24e350b75c92072329e60d8f0c704baf3d180b961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ccaf0d693ce7e5573d94afba115611d2

SHA1
efb716ab07f5e0f612b45521a00e67130a39d2ab

SHA256
6b4e08fb22881d717b3d98255ec367f60edc381e7202f7931199790e91af0c2d

SHA512
52e89db409c381dda216d22c6c6ef0d5badfa3b74e296511bc6cb8f6368a2073eed40e320fca6df21878da932aaa0181d86d96ea8b08206b3a3c1da7a19fe926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
65ab1af36f2c440025e9bb7941a58ea5

SHA1
69e37103566aca869b527557565eb456512ed385

SHA256
aba92f9916e89c59f779a4140f9ea1e2b869d0817ef8c2f442ec1a7d214ccbe1

SHA512
2dda87c53ab72f24df2807782ae05dd5449f6a1496e7622f5aa9e31a19e6e8ff9a3d67dc131d1a1c2616566eec532c889078336e73933448b3b36f358bbf43eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a7eec0ba2c4259a9c891f0aed13999e8

SHA1
268196c873e63295e2632523b4ec074cc83b0931

SHA256
a9d95eb6c813856e87b06911e61acf40a47597ad4d25ba9550a66c8b5b5929d1

SHA512
a19c4599d1ca4fb2c2d913a419dfdd13404ee37f281e6bfc1c823af7484ce334147559b02f5fcacafcaea28a1aa59fc5d6fa531a4860b82f21bf4a8c81e5d8c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8332fae692f7ae7d90d22532add9d908

SHA1
074d47ccf309858ef1a6e8f439280274ef537d3a

SHA256
4c456cde09647528fa933c3b146f225e541b122457737466bd51d871ff354a30

SHA512
571abdf11b206405021c41539ab86e1957c0a392c7945be818d152db0829b13ce1e723be9417f6f5fde4d3cd0735dda1eec1d93333e7750dbd31ac1cb02c0c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8274015d569230b4765d6dab115ee49e

SHA1
b78f28fbccd9e0812d3151d01e42eae848295343

SHA256
8e4ca9df4257934c78211ccfe6373c79ce401993fd64629765084555cea40355

SHA512
e303e94058bdf14ed8cce53060c54fa2f8f01dc688f983399e2c05bf326e30ae200681029b897a08b5d1201455a31de65ddfcaa645117942aa1e2b4d7c173d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1eaa58f85370d3a1a01235cbdc4d1cbd

SHA1
0869102868c9f66a9de61a25bc14c708eb0af584

SHA256
58f37223b8b76fb0b028ec8a8618461dc20cb858b62870667ac7c54b29430306

SHA512
0f0af1ed07b0483b474faff60fd0e3c455f73fe18cef8f2f7633839ae5665a9e334cc35cd8d53456c617ea88702cae08e53526b5ffd6b2ff8c246579c3590179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3905edb794f7c18d0a53dfd87038b1a1

SHA1
b22309d56b718510906d972c0b4d4b014e826766

SHA256
51f2c7fb87a1c8565ccfe9c93da9e387b0fc4c7e2fb42da66631e7c6d187439d

SHA512
9ec301749251c9e88e09183ebc4c84497d77ef61fe8ac97c97828e2a43585f87daaff4c1375b481f23e3143b82be960ed86ef46e98c5609a607a2ce6f0b79c90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d20911dba16567a2344af5be88422b5

SHA1
5b9d78a695760295ce9285860694701927b7b4b9

SHA256
3c9272fdd5b6dc06caa3aec9237b92b48284fde709f31285ad7c84101a29a800

SHA512
0b09143e7913e54633103143d7cead57caf2a2128cb6f7bb30a47c685c27d1eb8899f216382de7ba34443847da59fa75bbec8231ce8d9039440615313f087436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c5b01ac2fe4d7914ec04f5afd77da901

SHA1
82db2fec338d9a76f32e4be3e66c774a3558e341

SHA256
5e25b7d3a297313450c6a74facd9ba18b4b22791c37c10347c99f09bd1530fb8

SHA512
375cc2c9a92a7f54471001bfe4f72588578e82d94334665237c64561ad564147aac71cc9c7923294e53bef920ec42b522188af3b2fa87f8c0051c4c8b8c137ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07e5d90586ed853065c076bfcf7bc471

SHA1
f669b3159698a1fa92698bbc9bd0304b6f0acb19

SHA256
f6201b956e7da776f894765b3d5e195137da6abc32744a32efa830f5a0009978

SHA512
7d0ce0b3c4e61778704fa29a5ff06ec1733a45d39ba0d127a64c8349392601b3fb23ed2388ccab985373724d150b96d72ac9a3a47d47e72d772ed4085a849918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ded410714956ad61948523e79d85cac

SHA1
0ac90ffe9587a4ecd182539e8410da621d3e6227

SHA256
692d31b01285a36486f5f9134db4c66073b56bb0e5a7610c48278097ad808d3d

SHA512
198d277a1464fcbd096f29c27a8fd6c77248a7fe2a6a1017747de8399bff93a06a892db04aaaffa2d7888c2c07834686f074d4a7ffa5e7f4b62188e5f9bde817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0aaf31f898afc59ad7b5f5de7d194830

SHA1
38b1d75ce23de2205d1f0cd76b6c7d47f7ab7580

SHA256
faefb7ec286c66094058427342b58fc7910a82b68757cd4d64fcd28a69809909

SHA512
c90a47ecd65329db9af968e30dee8c1e8bf8123a4ff2ef67eecef866f5b706d3faf445e8d9e7c8136eb6ce7ccdfb55a5b44581d3565a6bb85c191cf26eb99c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
4edad9e7d80ac5ae871339748e8f52ef

SHA1
e27d2913cb7313a46938c22e30bc9c31545237bd

SHA256
5ddd715dba324d56f95585656eac3f8403ad98ca06dec536c33f2db221f63ec1

SHA512
912381818b57b8f6131bdb077bb77bcc55469bf96a52064e6fefcda67b9383a6ad45f45f13a3972dd35d80d3e69a15a9d37cce4784aa29a577671448440c8493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
0312ecb5c33f47acd816e7cbc800c4a7

SHA1
45819e25090e04818f8265d76747b80b9089f863

SHA256
65f80853e535f9d1e8df71902536da751429fad299984b8ff7e1f09ddb87d4ab

SHA512
124cc50564d012c090f80da24604e2ad708fbe17513d8485dfb9c705efa975a84916147943579b82989773edd841080d13425f5ce97afd7b347f305fb1b65aef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
afe05bcba7e9e6cd5916330c8fbe7a19

SHA1
e5793e58f9bb5ba3356fcdae3baae995fb24a25c

SHA256
1d8998223958898966d9769d279b14eb85ddc589502436f5e16c7ff42ac4c5c3

SHA512
2d9df0e7ceac4de18c4e4d6d6df519b65ccd53a13d072a9ac0ddd4c4bb4488d9f8daaa01ddfcb474cd7b024f9d65d9683ba92889514217dbc336f964d71b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ecfcd107df8ee63f953c6b802f226af9

SHA1
29a813958d5640eb8587a117cee2a628b98ef971

SHA256
caf6e3ccbc9741a3a680359c46d1f42b4fd14dae009255c21392a47a7ce6ad66

SHA512
a178638b490555821dcbb1df3413e5533935dd3c0a06c3d2bb32bc2964ea72c9a99934ce7475132bc099b6255dfe72e95ed6beb0da17a3e5d838b5e7c53405b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d95cc95d4ff2d00693cfc438d3bf14f

SHA1
3c01edc7ce2fcd2401a8bb5c3697a6671955ec31

SHA256
79115457bedfe472a1d2145b5bb1a325cc9b5cc28f7802d4264ccfd920c1f2e0

SHA512
a621434008dd4a6490427941004cbcb0980ea70a9db0a515454c90746ea47d66fb2c5f86201a6baf58999b097284da5ab5dd9f09ad4ae07d6e441270dce1ba0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9d6a6059aba332cc2919ea93eed8269

SHA1
a342d53f51c311f5d459b17e45be9f92233145ed

SHA256
23102625e930424652184801e7cbf98954793fe84df0507c8b09253c701e46a2

SHA512
0610948ebd09dc19f5977e9380a6fe2e15d6fc065e026fa025f255debfeb764e1c397f40e912f91d3d1dc43c3887b4bdec863aa8c9db44fc993d966ad697cf41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ab39cae28f8c114a8264da625458681

SHA1
d17e370a52aa2bd84e124bf85a6d57c22d1fa664

SHA256
2b32da6dfe465eac4645d559e8d10e1490097c31951f3d171089cb7295c5bb5a

SHA512
00f79a48dff70f30fd5f57eaa2a440bc86aa09f31a4d3930d9a8ae92fb72276051e9bc5715b8847192363de5602bf03337a53e0edb818a3d4e573aa3b80b7ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
b8f78cb488955e879be44ffdb481124d

SHA1
7a2f4f83094ffe9dbe348cf4737eca1efe179bb8

SHA256
e793f84deeb55c6535913b0055811de2b2e2d82c84e24d0e3044ba489bc8959e

SHA512
7fc5c07d4b28a3046aa3b5f5f700dda6c8d0f5c6030c665ecf4e009cee5db6285ed8177b8d20084ee259a0f12af98dbbf7ef6f5e6bc54f161a3fbbe2beca6514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
c99ab010109f5f87bae8a41c8538f1f5

SHA1
804ff239a2cacec2b9d3977bc037c754be7e0e18

SHA256
39b497bb1804e65bc53a4e097a8987caa7b1632575fa2f4336d366e8d6351044

SHA512
8d511368c5e6a206f78c6fc4703b121c0a9d0a236911e60e2399e50f4ae3aaafc98866707d16ea4a9d7d79389af72e239d9742a199f368cfe6704bc4c345aded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599948.TMP

Filesize
703B

MD5
41d5bebeed1aab55da3ccbdb878d1d42

SHA1
6fea243d77b6586bef20f2558f488347965e54d4

SHA256
ead6f3d02e0d6222db629ce4a40c09f86641a195ef31e1e47df2a2c15cffef4c

SHA512
907106d8452af54c789a32f85fb11d40bcb58064e4095d506b7da80bf7063df2d09857f55437259b009c111decb3a1d1f8fdec01b61e608d435d93704fe75567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
920be6915702da0a08ac19036db651c8

SHA1
6e7094ed7e7248cca3ecfef9abac80170e787bf0

SHA256
447963f17fa5f241031d5ee91b05046d00ed12dda44551dc80c2ebcbc860a544

SHA512
67375399a3e3b8ebb620c9703c50c37f25f497771bf670efa57c369a338b914dd0622ce1b756c3354bb11d0af5192092d2ba426163e69af3d1255b857b005fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
747f541b9231ae450aff74c02dff5133

SHA1
6889c3fa7cf5d62be48439e60f5f250c81df6c72

SHA256
dc1d136879164396c73c7cb432e9cf7d1784a65e1e22eec25277c30ffefd7bb9

SHA512
d40ba7462bd1e633befe364f8968ece021df6ef6c0a3fe8dfee1e0f811da720b89bd8dd3ae6e73634ad6f57a2c5d56854858460a382616f5168a7dbf10f64dbc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit