hxxp://oss[.]jodi[.]org/ss4d[.]html

Resubmissions

14/09/2024, 13:59

240914-raq2gaxglg 3

14/09/2024, 13:55

240914-q8krnsxfma 7

14/09/2024, 13:52

240914-q6lwysxbjm 7

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://oss.jodi.org/ss4d.html

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
640	#Reset.exe
640	#Reset.exe
640	#Reset.exe
640	#Reset.exe
640	#Reset.exe
640	#Reset.exe
640	#Reset.exe
640	#Reset.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	#Reset.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707955788199551"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
4040	msedge.exe
4040	msedge.exe
2028	identity_helper.exe
2028	identity_helper.exe
4432	msedge.exe
4432	msedge.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
640	#Reset.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 4660	4040	msedge.exe	83
PID 4040 wrote to memory of 4660	4040	msedge.exe	83
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 2120	4040	msedge.exe	85
PID 4040 wrote to memory of 3232	4040	msedge.exe	86
PID 4040 wrote to memory of 3232	4040	msedge.exe	86
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87
PID 4040 wrote to memory of 4560	4040	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://oss.jodi.org/ss4d.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe69e046f8,0x7ffe69e04708,0x7ffe69e04718
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5619090091752309801,2609186712764750202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffe5ab9cc40,0x7ffe5ab9cc4c,0x7ffe5ab9cc58
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3316,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3772,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5100,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5108,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4752,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3420,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3440,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3368,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5048,i,16834628084913802853,7121750046803820676,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:784

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Temp1_SCRRR (1).zip\#Reset.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_SCRRR (1).zip\#Reset.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:640
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:452

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:4484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x538 0x534
1⤵
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b0c616d5c48b58feb060f9c3c54b32ce

SHA1
3c152bd57d0e3e819a6e67f0d31e346e13c97f3e

SHA256
fd6d329f38b6da24674fdbcea6b5fb7396a79939b4514388124c34aa0d74f0f9

SHA512
2f04b62561e3ab17ff1ce7612b868be99688cf7e990f6ca68566e2f43465f7dbeb5dc2c3ccd246a46869fccb34e4c772269fc89ce4e7c42ff6329e798bdee2b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ed24ebdff2065af4901e9dfce2ca6046

SHA1
448c54346740de20008697cfebcd330fc414d431

SHA256
081390cd51dab54180dfa02b650186cf4b21d9a717b9ddf740c41998b2897795

SHA512
e92bf9975452d639c3d6514b1fed43405c03062a65cf84abb305eb13c0d823b0f943bb54e541306b15223440695269aed97d0d8b319dc0ce71d88e0f799a07c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a574f62ceed097c367ce6a7c9f29f483

SHA1
6a2ef704b96295917face5782fd52a0f4c187706

SHA256
5610fd487c0a4ccfc8eb237ad2545a04dcbba75c4ff783fc715d17ad82d545d7

SHA512
4f423391f34644d553ee26e36250204bf62b6a3835f7746b4de3732733de353db3f46a0258205ffdd59ae5bc94fa89af9198eb87633d0e9024decd05f1139604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c667edb6ec178d86fb57ea3e18c2a677

SHA1
c64c01aea0c19812787a69eaf9295f2d9f2b4e78

SHA256
acfc14cfe8644f0fe2a41dbce7df0e3a1349c9a1427ffa1c9050960c870b959f

SHA512
d5a91b4524d40b3d4701de2a4e6cd8e53c7edc364bdfa51e9cfe5c80d2012762de72eb4c27cb1f65c250b0e986b12ff21ab2586a022308b06b499165760f166e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ab920131c60e5f331214d716a74f0ee

SHA1
a6df86eb448e92fdd7dc7bc991275d61243befbe

SHA256
063a1021416785f90af05470978f71bbfffceaf146d3b5e81d011995d420aa96

SHA512
4ddb3569e4ac053d530c751cc550deb8fa5929e23611f5821ae22c85011dedba93d03656b30b0aa27fc043dfa9de71e5002442a2b2f4a7f722f131fc0ad1617a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
230134dd99a2944cfd2bf607d0ab595e

SHA1
7d68e82710ec3e39065ad7c32437379f65f35630

SHA256
cdd65c97f765ca4170b55bcdc5647658f501c618e540e0c1f1a956d0a7375c32

SHA512
2786d30e731b0a8a40e2038c133e82b73278fbc16b76b8c76bea654b9179eecc70d4be09a5430b6d827e50d0da3961cf947e4d6de71c7040c5b28a8c6c1e7a94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d488bf2f619b2f9fae11beb907fdec91

SHA1
4bceacb65c828a15879c13b9f53519bd0a4030fc

SHA256
f2ee09e3ff8c355704c5cc708dcd2e23067c0eaf7d39bc3e556c4afa00e28896

SHA512
5ff8f42c32ee3fe9f546dd6995f2e78b1554982ded484eeb36c9198e9ba90831dae922e47edd9c0573601e420a1c41833e92dc9f7ab0e5050f9bca231aaa7d3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e3cbd74f657c96bf44095309904b0bc9

SHA1
f8b281877e9efc505b7f4e888a5e1905357176d8

SHA256
00c31377780c046de498ca1ae02febdcddfbe05838e7af626e2659c4815aafd2

SHA512
f6957e42ee01fe70268a9753f7e1046fe39bf8c58f828eb5e1889e74be31ac63340b8de0a7828de26ffa139956aef11df5da2989a4d6660fa796af1d134c62a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c2314b44b16335b053c8c7d0f7adbd3d

SHA1
3fb5fb91affc24b2e6c8ee12dea7081a7bddd586

SHA256
4cb63d528d5f0d48638c68ea8841c0ab251016183582f6cf85edded269f83488

SHA512
5c8a7c4c1f64c20debc7e27837ce5b6cb8f9c04fc6ad65d000c388f1cc848f1ec783ce901ac2a53b117e389c87668a3cdaf708e91312068ce0fbea8d79b92c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f87808f46193f14ab54ed4923093f8fd

SHA1
7b091f6cf6ef683e83f61d8c14a35bcb914876b2

SHA256
82ea1f1b84d5b9dd002a9113f59fb163495014f98533b204dbf403450ba67163

SHA512
9267547755e4e3638809eadad1ad2b626e286895785400a1ca95d99fd5d337e3abade5f798d9a418492f11abb8d9be2e601032020bb12ff64137b909628e26c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1a144a06b39ebf4451e9bf2149912c0

SHA1
18ea0b82e3bea00c5bc6a82532cf8acad5dd1ab1

SHA256
4ec2fbf11b5d50a0be8b294b47d49de1fe97dc7bdc533f939ef740af2fab6576

SHA512
a8eb61778cd3427a60966d5418ddb0a586876773b17ed7c7b67de9d9ff9d6b171735e50b5fd080da7bb7ae5173c8b44b225c681d9f98e4ae606cda98df589628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cad3f89ee8b5fe2c00784b59413aa09f

SHA1
86c1a332eec4e2d2548c766478420e6a64c4b3b6

SHA256
c3570f27cb6de3cfcfcefde4c0defbfa5bff9dcabc68bcef58f271b772e81e7a

SHA512
8aa45b9726025457c889af1f95a4a138e108017618fabb11b29546abe4d4cd02744833e9e542eeacd20a78cafb132edcc480fcff0aec9277bd4e545d2f44825b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
38900c05fea4f7e4315805e94cfe7b07

SHA1
83551634582f1980d2dffb1b975977bf8a4b7b4c

SHA256
87f62586b6bc2a6f53b256b970c4683dd2776c220d89d0b1c4839524530793f6

SHA512
23b0a5090be1be5a319eb91f55e8deb77ab26ae15461d12cca9652972b7be7dc0f3198ddc3f1999d78631e0c5092f3445c504bbfe9d4a37c667d5a53330d36b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
221KB

MD5
6e7374f53f5c133f63fe8134c5f425c5

SHA1
f659bbba028b4c16a98af307875f553c33cca914

SHA256
2f12f83d90df3775f5122c07ced7531fcbeb0677d7186499c0635509dc214a38

SHA512
d9435f85a93bbe6dbf9651df7cf9a8a109a431c9d476f8079d23cad5eb768536e3c4c5fb8fb42cc7c486384ee921cda03d863a85613d887150f2dc1f8623a5bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
221KB

MD5
8d50080436d284db0ddf9f0a5dddb1bb

SHA1
0ac0ed64810b7a03976a87640abf8cf7464b42fd

SHA256
d5001e1fa0da290ab508d2982a13300dec7a329fbcd776fb46d0accdef89dc62

SHA512
d6d31e49de139e935ea3327ddeee35b2a4b5e99aa4be93ee9384fc72699d0993e1d633f9a8f8ebe9592e4eb06e9efb7c3f1bac6f1ac061708d68aa68b2912bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
112KB

MD5
849100891cc8f8fa9fc8bb82908f0dbe

SHA1
1b8fc0ca3ac8c5ea50cc0200f7a0aea7314ba12b

SHA256
24a49f533255e526a882b964cd60d98d9687671ede024f938dc3ed04762b9058

SHA512
3a6ec480c6ed990cb708b44c62b590e0785bad90ca601d5758e8b7ca46a27debd49075b3a7e204de1c92d41f84b582c7f7c828ab192f20c2b64d0a1869f3bdf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
221KB

MD5
c8628e94ac55e2696680a34e0f63c961

SHA1
99fe264565a984365583120c1d1014d835aa20c5

SHA256
09850630fceb5d24030bcd7a168eddbf14d72fb4fa786023159e850005faa5ac

SHA512
ff212eb26001a0e3bf83fc936428f44b9fefa90f777f8cc14c51df5fef32532e51e8e83513e75a4df31247c2360966fe03c05cd9fa0195d1cd8d4695aa1a768d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\44fa3bd2-0fce-4f17-b951-bed668b9e78e.tmp

Filesize
6KB

MD5
8c369842d08e528c9f953f8882c19ad5

SHA1
04f1b9de4439ff37dc32fd933ba587dd70268e10

SHA256
aad03ac50a5966dfdba82be0ff212814bc138e67bc768047697953896594e021

SHA512
ac72320d5e06ff84a2a888b1da775f93ad465f56b51ca9bb287d5076376a60f3278bd7f7eff34679a0e6260535cf39a68f6dccf5e910fb8dd25b0c9cf1747367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4be2f2840c6ee66e658670a5a0fd5ff

SHA1
bab5204fa1faec05dd1fc10493a7ce45cae449a9

SHA256
be112eafc51035c6c293b5e1d0da74fbd36d9b369326196d347a1650f256716c

SHA512
72120adc6c03e7c8a121a717f8aa70cc45dfe08c50d3930196e4f73c292a3875ea54ee6c9f0f5276d7e336277aba51f6088cb304190935f0934468bb5cd678a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3a3498f04e2ede50e6731d45d669395e

SHA1
04cf764ec7aaa076e7a4dab7703ed46974fc3cf3

SHA256
c8ce8b66dab777e00dd9d496f9daeaed21f718e916cdd26600b2bed20c0df7a3

SHA512
469ded188cc7df26e9097b6f64e274156194b0ff9630ca015ca5ec2230e4c7f0329f2a8ecba1d853475cd648d1e6dfbcd8996d07bf01f0e122eea948c593726f

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempFolder.aaa\dirapi.dll

Filesize
1.4MB

MD5
5a1e0f5938ad41e3ae6bfc118fc57a1e

SHA1
08563478b0be9b01f1815acf6ce4a9b6e034d98c

SHA256
d111efea8d3387d8332339c937fc9d2e6992787149a04392c2f77e78561570a9

SHA512
cd029f531fd5df1dc7bb80055ae5c1eef93dc017a133a18ab696bee7bd49f9d7bb355aeb440d0de4a5196189c6c7678ff4dfcc0e186635a27df06fe1369ea12e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempFolder.aaa\iml32.dll

Filesize
616KB

MD5
d89c95b66ac5a34b0e8673e7cbad7600

SHA1
c31edaa4d9aeeb50ef74681e3330c4189520b1ee

SHA256
10543304c9c908afb4d365c0c377a285353619171c68569c30692dd32db252dd

SHA512
f9da64289e05707270c942a403ef421e61205e8fef4e22af51d02f4825b9cfc8058c66a1fad863d6cae013327d812da83d7a7ceb97a89ae4eee242be254d72c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempFolder.aaa\proj.dll

Filesize
148KB

MD5
4abed6167cda7dcf638903f744b620a5

SHA1
a083c74e430e9a8822b78d52f5aadf6407242690

SHA256
43dd597efcfad738bfaf1275adf8c41480118910cc88f78b5e857c8b39d4b655

SHA512
eb2fe19b3e66fb4e61632d089a4e2e3daaaec7cfe2e6e6d08771fe5d015d3879e1c8c496144d5f043fd4ab8060bff81dcb3ec19ec866f33f6ebd98d10ac8cd54

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempFolder.aaa\xtras\DirectSound.x32

Filesize
32KB

MD5
a79eef28bcae9ff5713aca00aef71b74

SHA1
d60507817e74f96320054c3c964d74db0b7d77cb

SHA256
d8ca89c97177464c00323f9ad3e5fd95353ce093706c559dfb63a8a535ab3dad

SHA512
04be9a0dfe0d787826fa6370d374c4e9907d4341ad6bfd88f6bfb566fbaaccdbfb6fd8775febebfef0d2d048ec83f9508f1b08a995ef4ffcbfa8a915bffc76b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempFolder.aaa\xtras\MacroMix.x32

Filesize
52KB

MD5
512604ee1606ed14479bb25e7026aa6f

SHA1
47d33a7d4efbddbf118f5d9ce5cb72f0299d6662

SHA256
76fcac0c9cc5b904fbc3c190d6f9d9f14948a4e1c7c9fa1ef535e437d656d41f

SHA512
43149a2034fea5fffa0e8fce25a126d5888b3cfe19e1fa2eeb82861384f8fa970a7599536021e8422479de2c492912224fc2f398f4263e9253c289b55829e020

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempFolder.aaa\xtras\SWADCmpr.x32

Filesize
68KB

MD5
1ccb3abd1364cccb67a5c61fc142eb72

SHA1
9b66016238d20805d88c6082b292dd97bad40c74

SHA256
dd75853f47a8930b523a19842e1391e10a81aabb4baa56ece6fc0e476b2d9aea

SHA512
c1ef3e070c30e14a8ebc0bd3483ea2203401586155488205b61e4713e5a091ff3ec7d0eb79890b3ba8e59745676a0bd8f19b6d88cc53b81b0e6f112938b0cad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempFolder.aaa\xtras\Sound Control.x32

Filesize
48KB

MD5
702620c0b811ac8f48b69b3ae61d0701

SHA1
e278418760b5c351188aab0525a8dd21fe5cfb80

SHA256
21d6ac95dd0d01e2c0e962d95489146267f1ee373e0c3e373b54e42f64a38407

SHA512
9ed94a4910eb70c92a95a3a05d01081c0b07c4fe7a03638a7966a452356f2f9111a10655f380d04731bb85e25f52af2e00a5f31679bf99e95006c629daf5bff7

Download Submit
C:\Users\Admin\Downloads\SCRRR.zip

Filesize
1.4MB

MD5
5bc7c996416e34cb5d23221dede5cc97

SHA1
afe2c6c0863039c11d7b791a91c3c809e1ed9071

SHA256
a2d54cc2559b87841250b25a7b3f72cfe5a6ef5cbd3e720d2782c2f3253f44af

SHA512
34ae27539395c3fbf577be19f0fad383ca862e4d129ebadb2e637e8b5e56dfd96619833050ac2b93d22193c72a8694c621b99a00d32eedf7f57bad7f5ca3f373

Download Submit