b0a46f6c23505e15c64d15e5c3be708a68d3dc4098c53cd0db24c9550a5c11a3

Resubmissions

19/11/2024, 14:28

241119-rs8dgaxgpp 8

19/11/2024, 14:23

241119-rqapesxgln 4

Analysis

max time kernel
149s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 14:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd42e30a-cb43-44b6-b3d3-8f1ac4c98221.htm
Size

11KB
MD5

09eeab1b61f3ad1d6d86b0e387ce7ea0
SHA1

3deb1dd145517c9141d0ef99eae2b727542f7d2b
SHA256

b0a46f6c23505e15c64d15e5c3be708a68d3dc4098c53cd0db24c9550a5c11a3
SHA512

57ff8471c338e490afd029f49be9b9731782aeaf8fa84d533fd09046511b4216248a9015490545c2519ae5681b32769e8061308ec963b2d5a5e1178127094552
SSDEEP

192:+u3d5a7061PAA4iY5XccWqJYpffR2UXF9b4p06nsGGfkCeGkcwDXFhFqeVvdf1uf:1M/4FXcpfhfHXFJ4p06BGfkDXFhFq8xE

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133764998875186614"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
3592	msedge.exe
3592	msedge.exe
4116	identity_helper.exe
4116	identity_helper.exe
1332	chrome.exe
1332	chrome.exe
5636	msedge.exe
5636	msedge.exe
5636	msedge.exe
5636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 1080	3592	msedge.exe	85
PID 3592 wrote to memory of 1080	3592	msedge.exe	85
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 1436	3592	msedge.exe	86
PID 3592 wrote to memory of 740	3592	msedge.exe	87
PID 3592 wrote to memory of 740	3592	msedge.exe	87
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88
PID 3592 wrote to memory of 4128	3592	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fd42e30a-cb43-44b6-b3d3-8f1ac4c98221.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81e1e46f8,0x7ff81e1e4708,0x7ff81e1e4718
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17266569397969813827,15291490778561673710,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff80d2acc40,0x7ff80d2acc4c,0x7ff80d2acc58
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3356,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4536,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:5280
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7af7b4698,0x7ff7af7b46a4,0x7ff7af7b46b0
    3⤵
    - Drops file in Program Files directory
    PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4424,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5168,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5212,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5092,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5216,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:2
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5064,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5076,i,9364442587758476633,12351818809759373355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:4812

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1124

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2f30c278-9071-4666-866b-24c318baac60.tmp

Filesize
232KB

MD5
fdfc8fd43eaa20f9a2baee3eb759a002

SHA1
2ff75584f5a484c7466548ebf4915e7282df6a06

SHA256
64bc515acb688c1557ff2419fcb6e68dfa28ee4a6e21955ce1a0e34b34b4c830

SHA512
7e0d6bb85abb145a729308388cfbff8eb789e0967cb1c0660f098ee94bebec4d43ffba4dd635eedc832b481646c0dff7a7eeff93bad3c10c35b8a992943157e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3f91515d2965512bdcd420c111d0f900

SHA1
11c2fd0e1316f635de6d6b0fdb21fbc6a6cd39dc

SHA256
8dbf6b9283923619b7aa2ae070ea2f83d8fa00253988aa9ab66bbcda24c79ef6

SHA512
80ecfbec0f023181ea2f22c12901ae68540a72684cb87421ee8fd3836b7bfdcaad9002efc8f8f7cd50f0a506de93d512f5f6ab03e972872a763a588e6b9b1a50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3f1e5e88b713354b2cc6ba75e472ff7a

SHA1
91a4a9a8b67671c55e11c36197d12126eb5d7f91

SHA256
0605880c46f061ade4a8700623e5b8bb0fd5422d4a7d13b2df2a8985ef5a2d47

SHA512
f06b342ed539fc644c839629e3941e50046a60600e45a39ccc5f2572e9f515a2a9a737172665599b78aabdcf0b02d64787df4fdc25c859c2fdd5e19fd843acaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
096ad351e3c9ccd5aed18a6a31c74950

SHA1
b46cb8f31843feea44f5faf6b4e2ee3837961bf1

SHA256
99776cd307c0bb9533792a7b1c3a8f09f5061c3c3d6de1ca41000d55fa7d3a97

SHA512
f48c05ded2f79d257a14b1cca8cb3618653c208b8fa48b84cf4b14f302047a5c6b1a8d1ce9369676828804ec41ed546fd2816f609cf4fbdf81b43787fa3e1aef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66c20f7bbb97209773c7cd8a5bcb1b0d

SHA1
97ac3ca85b792b18d732697f9c1633216cf20607

SHA256
50bfe9cd1b59b7b6e834e61eea710611249b4b05425858553c83464b9a3ac1a0

SHA512
9c7408b232d7e3243bb274730cdd5bd2d544cf3711c0b3afb8c43230a73210e7ce11b806c463b7c005d956a90b3b8ddf587700a395c15ca57b4a4166e2ae26b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56f069f6a0bf9dbe46bc74ce92a949db

SHA1
cfa64f7b9b8a66a8f4d39a7b05d8b4cb4e30f15e

SHA256
becf32bd72fd91fdb6a8b2a9290c6e540d78f015569defea0c1ef5bf5b4b0ea9

SHA512
f2b6baf1b45aa03f09fea13d8c682f4703271389d064c474fd36ea2d71f2dad2b19ae12d11adc9c5abde0d92d4230f6ba28ab18694c4a10d2b966d3795285895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
623e66324627c8f150926a3e4b8e80ba

SHA1
ba1cf3b7f597284238457a38559c14d4256c5c65

SHA256
0db20077b0cdaacf8df9daf874978daff68152ec5f45940421b0123e81973612

SHA512
5de72af8aff048b2f64fd10c17b385e450fb9d0838792714b774e26248a53e47b2936e5e474b0a88b3cb30bd1586f445a53d108c77281afefd51af56cb660bbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fcc174150d3238a0afb1a3d35c1b25e

SHA1
783785a6ce4322cc55af92784fed9d5784c91908

SHA256
989a311b27c284e79c9e2b4e102ece50b9fa14191098797495b3d28ce1e146f4

SHA512
0d46b6950a7d405832231361e4d1165ce875b02697aac45e80826680655b42ecfa536c4f2da693348a8fb53b1b2e6bcb8ba248f54395aefea6385fad5aa5ce1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c12bd8859b3667dfbbc9d59126c9556

SHA1
35e6736b3efb51a5f076bd877003a4b46f945e17

SHA256
b9d3e3a116123436c0631ba28db2e9ffd34fb9ba3d2143100778c454fd7e5a0e

SHA512
957e131667092d5d7abcd71cbb01a0c0dcd9b57da01426131d4fc8e4112f5d0da3462483b178f884be857adb8f6753e404387402ba15503aaaed7b31403a23bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39d89ae73f642380ecaf4064c77a210e

SHA1
48b69e836ed34dffb9ffbd959bbed1da4b436a70

SHA256
80e5e75ec4e9f05bd908eefbbbe3e0df9b9b4f0e6c3a0a83493cb5065193438d

SHA512
fa697125c8d11e8da667e6988748adcc7853fa7611bb7c0fa4dea43655767b8f2404c5e2f62a42000b248ed1ca8fa9813e30963c8bf9e7ce71e68437d13ae179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e0a5cca82fabc54a37ff2d5c3253e2f6

SHA1
3eadb1ee0a32784c000eae384e186f259941f8fb

SHA256
dcee05a55af5cf63b4ad7dc347128a114eba69d3324497d9b3211ec3a56ec79b

SHA512
a2d7163de451ebc62d81b1fd89570a8f891a3c70fd4db2504eb55065fb8c2b49e7c450c37ccd446a38ca59f2c11344396ab7c4b642215a4dd78f7629a282aa14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
766ccc66de9a8890d45a5a0e674c1b7c

SHA1
792c7a55faafbfedc9a6ab8bd9bd16e3cf82262c

SHA256
55f75b649ced35ac50593043d9d12772264a7e045d73fa72e9368395e698c5e8

SHA512
29c85fe21f95df0442bc5f1c63420f4f2ee92dbc72c0e14796c397fd837148a13b578e9597f8432a5260e947a20710145b713417158d4800305808dcb12b7001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
bd4977fd9ff1ed02fbc3fb2051b096dd

SHA1
e7bdff00eb2767df6623332044f15e7fd7578c8b

SHA256
865e0c043910034205dabff668614fc578e78a95d2071d5613a5c1731da69e5b

SHA512
0ccd48be0b6ccd6bef99cfb316d9f5f34b496f2c15a0967f8bfe49cdd7d56dfa90d4b43b05d8bffed673d49308bd172b075d8f353f9ccece77017c1e743b3d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a689834d1f36bd97c83d6db22335288

SHA1
4b95c39b179e60722157371e78bf83ea5f668df1

SHA256
9a3c251c91bee0ae9487db19cf8d0861104fdeee09dab0b0f8122c7e65431729

SHA512
2eafa1242df10d63694b0a0bb965a2ae32e1280477fc8b1300d385fffb863acfa6619f6a47619ef52d188a4d1c9ac08a281568e43c57badee188de9e52a21c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9255d1ca7aeba1e1b8c36f4250f2dbf6

SHA1
cc49622665af9e4bdf9f54e720fd8bd556ccf298

SHA256
f354daf83507598f4600936be3a5d5b320bc6c0074c99be40ae369ffeda120b9

SHA512
8c0469bc3bd460b8dcfe6f08d886b6c93cf9d6e3bc90faa654fed7a0443aa1a5167345d93ee6ecfbfb3f071d72b632f7e529806faea41243470e56cf82bea56a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
912acf7cc101f8667dc99a9ca9079535

SHA1
609a63307b789d575b1a7350bd7f2c4dcd1f32f0

SHA256
df1aff55e75647142e3a4dfe50936b335665199e9609c9251b6ae0fc3d8e23b3

SHA512
d94708b6804373a454427dbbc52cc0ef8021f3755b1f024abc0b1fee42fa79779c0b2d4ffdf953144530aef0105c0a30a3c9b3a92a67e8db763c8380c9730a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
97e346d943d88753fe068add6a81bd83

SHA1
b9887a744b4b715bdcced86e86a9c210a9fb289c

SHA256
4f41df619814be57fbf619af05913f5faaa1b5abdcc7e514437500b7fdadce9b

SHA512
f9b3aa003f52904b72b12b6cbb898ce0ce881059a114fcd9fda3c78a599bbabded51b8eb09459b26b68031f97f2f440faed897e44f9bd5173c67b332d8055760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f6ee5cb495896ee27e6a47114f120722

SHA1
3f33ecf6041b4bff846d44edbe22bd2962702d84

SHA256
ae1dcff5eb985a73a8974436ef2fdd48eacc46a65daea85354cc98b6b917c7ed

SHA512
2ead8df8c3ce00f0d69b9398dc7704991ec408f1ab17937ae3325021a84b8c065e8074bacf63d15de85459f69e96f76515371c75c5c80c26c65c8664f483a8dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\983cbdf2-44a8-40c0-a4ca-9162f662d244.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1332_1045949614\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1332_1045949614\acb87a19-97e3-41bd-976e-e2611731acbc.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit