hxxp://roblox[.]com

Analysis

max time kernel
148s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766646314251820"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1316	msedge.exe
1316	msedge.exe
3996	msedge.exe
3996	msedge.exe
4572	msedge.exe
4572	msedge.exe
3640	chrome.exe
3640	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 4892	3996	msedge.exe	79
PID 3996 wrote to memory of 4892	3996	msedge.exe	79
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 2872	3996	msedge.exe	80
PID 3996 wrote to memory of 1316	3996	msedge.exe	81
PID 3996 wrote to memory of 1316	3996	msedge.exe	81
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82
PID 3996 wrote to memory of 2788	3996	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffbc443cb8,0x7fffbc443cc8,0x7fffbc443cd8
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13041202464700039431,6313583693439505023,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,13041202464700039431,6313583693439505023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,13041202464700039431,6313583693439505023,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13041202464700039431,6313583693439505023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13041202464700039431,6313583693439505023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13041202464700039431,6313583693439505023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13041202464700039431,6313583693439505023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,13041202464700039431,6313583693439505023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13041202464700039431,6313583693439505023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13041202464700039431,6313583693439505023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:2564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fffab8dcc40,0x7fffab8dcc4c,0x7fffab8dcc58
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1928,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4176,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4496,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:8
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:1408
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x234,0x250,0x7ff7d4764698,0x7ff7d47646a4,0x7ff7d47646b0
    3⤵
    - Drops file in Windows directory
    PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4752,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4748,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4100,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5224,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:2
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5388,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5416,i,15812913489777914890,5906174379613767743,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3720

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
883205c8c72a59af010552ad311f62e7

SHA1
626dbb16469339df3aecc88ece281291d1c9462a

SHA256
56028dc10510be6f9b2bc236fe26c790d3f3a851aa8a4420cb3bb74499d84c3a

SHA512
604ae32d8e37304b0b9735c225c5d50451796eea2526cc6c44b1d36a2af841d1733606c4797fd56a01f22922ad0094bbd7616262abf109e50ce332d916c444ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b21af79e2c8f983391a89266648974c3

SHA1
d038828c2e7ac2b664fa7b72baa42b59ccff489d

SHA256
3b3ffbafa534708ec729a32925ee99dde00e2eece69f08c81d1ba03ef828678f

SHA512
637d4403334807173117a8e8ba39bd31858d69725ff3b639976f997f5c8f23d0c72034776e193cb83888ec3507a070ebc087817fda0b489e348ecebd522f8c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
298dca5a98f3259b460fe51dfd3094a7

SHA1
6d2c3f285e9fb5a5ab15f9f970d2dbbd49ff9a43

SHA256
1a7898beaf3cf7231da63bff6390cc002d832718d0451eaa0065b04f7bd638f6

SHA512
c4472dad659a1e78542db7609405d6b7be44f6f7d6151d2cd2b03db35670796c0a2a24b7efc10352152dde7342b6aa7e50ccd6d512d5af869e43d366548a57d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
7ab89c061d2ba3d596f37c625608c6e4

SHA1
709a0e0c5031406e085d9db6156538451bb7ed73

SHA256
7a1d9e9e28197e2c76d49107e5dff3ede309bfe0042ba6ae3942f0d085c8a49d

SHA512
9fc5c16487ef0e1db178f5caa7ff7dcc23240232c0118aadcef154f435b6d3b0992b778b5537c363144cc59fd37db093db8640f203bbafd159d67ad1c88e4a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fcdf48816bbf3b4568666869459b1888

SHA1
932a1d2e39d617d7267ebc93a17edaaff6f2b4a5

SHA256
633e21ef6bb93d0020216098c60651307f78b220b857038902083b50c536a2f8

SHA512
995b8943fdaa7b8dfd6091f1f83a7cb380bcbac9832b1f3aaf57c7f05e0e6760257d5fa81e0b85a583e84167c49473c9109a64f6058e12b972363dc9de1b9b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
078b5df903c1e3acdd756fe5ce73ed61

SHA1
de2ab83b99a56fcd86bdb88d5a32eb9a8615c9e7

SHA256
9468759c8b76bc335374c0c546152b5b645fac578067b531f542ff61dd96db6a

SHA512
56f8f6b4fa6194cd9df3088f16c4d5236acca894b5e3581ee321dc4a6897c182c3815bf04e29cde0fd3c6495d6e7058e17b65ea47e9aa0f3b6ade6e718a4bd75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7cd47a6742b0cd63833db6ed198f8ef7

SHA1
2439cb67a03433b3429a4a6bed38a1067e551294

SHA256
d84e02bb2ebd586f330df4577c68a8046ed138b544f7a3d0b8c9fcd4c0ee7095

SHA512
0f1dea12a3550b391eb325701fd79cfdcfeb7f2e3c68ca7340e65e4ba77fe3b3dc653c415980d120aa7cf37993a81a813a02620d34b19fa39e76e2defaa01d57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2825a475fe99b4c81cacfef63cd895b7

SHA1
3f3e87ddbfdb93963f45b3a1b301db08d343d305

SHA256
d88062eaa50efcf8c571cbef72dbea5d2c3db77c4497ce2378f1f7fa6af1a302

SHA512
734756741987a7d35b6ae7f3c1b9eea3fa4c1f2a305376bedcb1d36261a058cf8f1de5ce3392d1d441aaa0c30c537ad8473e1a5aa4a6ac02a5a81bad7afd7527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78147c9801a6a7512d0f086dd918b32e

SHA1
c613eec1185820f218871dd516484fb8322fff27

SHA256
c982facebc6eb37974914212631c81201733bb6acfc5d64c87e3e85188245ba4

SHA512
846ce38d7cc40ccc3aa501b9d507b3c7db8e44ad0e216719002347349144bed44a5ae5b67fa2f6a0922586671811b2993fd2c8a8996503615dc44c61559be341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e2fdc06ce09ab7154a45d7a0269e5af3

SHA1
900a74331727e3314bde4be46a1db1e2d0c5a8a5

SHA256
ea379ef7dbc26cd926b5b5fce0fd79d3cd6fac05e047fffcd8d7a6c42947c0c6

SHA512
c793c7907526422a9efd49eeeae6f05f93ef57fa8c4c786530a27fa4deabbff7258753e3b5bd01687ec634e18ba258e025a3646f7b5b66515d336bbaa972457f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3e20958a5f95fff7c68baebd2429236

SHA1
59797ceb435525ad4e3afa0a04e10ca49275f36d

SHA256
62989b64e11a4e979204b37b714a9111def0b9429dcf7878179d294fc5c442ce

SHA512
9ff8b2b17f76e53cff25707769ba96cffdebcdf6702c1ed259de18557864e753de33318d6fd48979240c4823be774f6506f4fecd299819d1e8a00a494ea68014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3bbd3f1a5f867e70c55690cf69128645

SHA1
b7807a144b29876629310bbd927b203f94ba3957

SHA256
a4f3799f7356bd2af00f684c3f15364ca8ca1212adb889ac2afbbbc5f0e38b43

SHA512
84925d1ba494a24a32d3b4d97fd6af5f319d1ce84610639221473be7fc3fae824a8eead6e1bab733456062b8570c619ec059a734ff2645e114b7079ce24c2f42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
61e07f1b17232e09ef71993d708becdb

SHA1
8df3f06ecbcd82e65ba92e7296c38edbed4c8167

SHA256
bfa1d1f13a9aa00caa4d8b06e2304b07ee6bb9565d015b90d756d98d01540447

SHA512
4292cd31b011f5588b9209cc68c35c0994536b1e28d663f299ec6bef770b62fa23fc9b0ed68ea1116f1dfff0f5b48e295b58abafc07d121a213ae74e6af060a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04c31f2578d8b74a6573b0ec05370244

SHA1
38da52c525a37cc5f1ab60d557e8f1b4ca7e8f97

SHA256
e46b2e40b264b9f42839a5f90f74cecd32b902e72a33cb6ba941ea733606fb6d

SHA512
f44b6adcbb1b4f510dce32ad787105c56bcff89769343050b2e90546e1acbd961e20f2bf5e29d65875e4aa764765644470638e795984fcff4e32b6b361b26783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3a0bbedfad1f13a8c15532bff021356e

SHA1
19482a8436531bbdcb1da15cee8a6f2edfaf7fad

SHA256
bc787e8a72af88569c258b76098056fe6115527e2b082757993e2acb215de765

SHA512
81481c8915b5d4e3ba43c8d97a5d6ebae6b25c7315d3fd5c0272d212c62538f31f7ef629c329a231c50dd20ccedba96f0f733bff0e8b8dcdd2fe418366c3875f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Network\Network Persistent State~RFe5a0d6f.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Preferences

Filesize
2KB

MD5
904f838b9ef150c1894200a2a91689f9

SHA1
d97561d3823226196052ab31d34aa9d6e5b7786e

SHA256
89753f8f61e4f98633acaf349120c25c43524058ef97f875a8b201e99d1496e3

SHA512
7eea8011bdc786c7ec3c494da0f9ad809d3dea6a4b23c4606a53037043cb2e1c3318ed5ac53706a7010988ade917e616c4ebd0ed915f258bd6754373485e6f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Preferences~RFe5a0d30.TMP

Filesize
1KB

MD5
49f644a23e8734faabc8f7eadb296fa4

SHA1
bc57aa0c5c6b52d39cefab03358cd2ff42dfc4e3

SHA256
68573ff7a92dc400bee11a037ad96dc35701914735231280dd4a354baf0b3393

SHA512
82b96aca1098a8adfb294f7924024b8555c167c2d363363cf188f1e71503d208119b9431ed3a4d69a1d93e40f69d11b9fb982f8899b24025f08906cf39badf54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
264b6495aa03a3611b4f9f715715d2a8

SHA1
682ae19be5b575aea869e41389c27975ef3e0f53

SHA256
d3e52ed397a45625771392c86ced4427b583424ec058bd8b6899478acf28946f

SHA512
2fff72ee64c2507ec782d43f49ab68c4392455f784bd297ab9076f5b68c8c3fc80226d60d1885fa787ada30cbf8584717443be79421aeab55fe4c3a44a20420c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
1a961398c34e1ec39feab1ada58db138

SHA1
2dade8414a0a0763248249104b85eb0a2075c2d5

SHA256
927e479eaab93cd181857b50fadebd24eff36a6a1072df495047935f571ed2df

SHA512
fb42460df9664fb6dbb97544b0cbb7fba8be6a03183bdeaee962a5d9c45e82498f04a21ebaa8f167de7291d8146af9a99dc5f1903d3719acf1b87b3f5a1ce575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
c35bff11e1bd919df8dd9d43bcbc9770

SHA1
d5577889717ee0acd11e08b2e7081cb09ad257ca

SHA256
64bcaf632b7a71aefaa0f74bae1d67d2a8d027e8c19c3feba1f39813ab0302e4

SHA512
c978a74e957e0a086d4a05830fe5f5c88300dae3f819b9781b6b811dde68287f0e44a36d92c813b266fee29965a5409caf6ffc119e0da298e16c3108708ec09e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
92780dc5eef265209ca85275c6fb264b

SHA1
af0c6987d0574e1fe65682ddc4906b614dce6fd9

SHA256
9925c8ba2867d51ccf9aea726d71f93059b8fbd6367d68def8f0a29cb2c2f251

SHA512
aac6e0c19a216b94ec7b6e3e97d0cc40ef19e75745ac795e639940079d058cca933c69667bd781fa53d49a68ef3ec0a52d0032ac23221ee58b7bcccc6b2cbbcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
676a25312db2cac407807573b4510b74

SHA1
863c7e565af9b3fe449182528f6ae2e5fc104f76

SHA256
29dd6c8764a6a1ab50cf728cffcff7b846d542c57ed5fa8a8d4325b27243817c

SHA512
4de144ccdece2810fb8b451777bfe39e85cfe254ac668ab5a129ba7d5d7578940ab95ea55589b6dc10f16fdb09542ec494a7a5c2ad43b6944893e093e2ba5b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
759B

MD5
18f3ac529ed34d951dcf3d93212bfab1

SHA1
f07051d9dfc9e6a33420e54ddb0fe291b536c463

SHA256
4b8cb15e859db9dec342aaca13029cfb02d360e65b2a4a94c6bfa3541b508e36

SHA512
0e2fe456c12d558bfb17a27f24d20aecf3daa6f3b21b8f4661e387bd5dead03bb12615823e98e2b8227cc0231807f256ac78cf8b40b28cf01c338ff7900976bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c88f6f77fa483a7943d8f45428e1378e

SHA1
ee6fb560b08b4752c28d26728e31b60657dee2e0

SHA256
740315843f2627003a423bd71d565a2a5bd8e0836adfadb8b7aa6198d38462e6

SHA512
1389d250c894c31727ae620f3c35096739820c0df5d685a37ec34d676c291617cf3ae282291f5d77c1514b9246034877396d4112a381cf3a213caa7a601ae401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14b4f9ccbf49f7030085eac906c4657f

SHA1
58cca26782858e8d6e714111a630cdd8ad99bdee

SHA256
c1c1aa8c3c3f3cb00d8f8b14ddbad10190ee2afcb8bca4e4a608131b77a50990

SHA512
57389a9bca34386c134f329086a23db389923256cec89ed2dee0e0e24493b579593178a8ada116f94d0b53cc179648e3469c29de3e16be29be02ede9780ee1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a04cd6c4cc34be4c8a7df8db5096043

SHA1
a4ae3ca044171a0526420fe90a7f91f0311208db

SHA256
65f6d3b9924641d5365d202e7a926a8ad5033177b526511fd10ba0de5d843730

SHA512
2101d811dae4b0374f2371ca952254301a8e38cc231f7a3036d7654fcc134bc03946d49aa61beba1c2dd55678b64e7e96e27853723393a8c8dd7422bbf8bbb68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
01c246c6df76f856d31c1ae35cfdefa4

SHA1
14e442b51957e8273dedfd444b0d827208fb6bcc

SHA256
168adc88d3c019c7201191449662a5c87f5a79423e62fee5019c89395410e3eb

SHA512
08235f168f2d30844d7010ff5072923bb01ad80857c5053b4d69ee9a0858a3a44580c2837a16e4bbed33cabceef811392728c9547f6471369b051e6e0a80bc50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fbcfa6eb7f792cdc57418a723e606d4c

SHA1
2937dd78fe7b1215c840cb499b5bb5b45fc30ffe

SHA256
5de3d8c6abecdc15693ffade7fedb85cd4cc1ab0992299677f9cac89959f05f7

SHA512
99018c2491f8c96a45ceb21523842468bddb4d707421474766ff0da102d4618356dd88ae692e56e79c8c92adf4f6a77e8d2d56b672a62707ac6bdb89a4cd3772

Download Submit
C:\Users\Admin\Desktop\ConfirmConvertFrom.m4v

Filesize
188KB

MD5
317c3c1d292f9f63f3244809f651124e

SHA1
b4b4b5ec79bfcb12cc3989751916a6f483dfecbb

SHA256
2644c19266c1a117a2bbb4eb7c6b416f5aed68f655ae7afdcff0ec7646adeba4

SHA512
c80f3c2d09aba4a6195dba4e4c1b495b3be99d0a877cade9ac15aadd6033b7a10c82965711f811e068768f08d258ace97988ebcbf55c287bb7d0accd2e50ac71

Download Submit
C:\Users\Admin\Desktop\ConfirmRegister.html

Filesize
146KB

MD5
e0beca127e1eba36517da19c59bf843d

SHA1
40434e74306e8a31bcf3823b610cb21728683ea8

SHA256
52e7359542edde4eeae7170717eb535fd63a1e8295b9eed4ef0320d58dd9e70c

SHA512
8b6d950b9d3f3c4a6fc964ebb44adc7228904bce83a7d3f769726afb69f7554123bd9e6c4308b27451152b38caee2b47f572c5dfe3a5060778d6de3b308097fd

Download Submit
C:\Users\Admin\Desktop\ConnectSkip.pub

Filesize
355KB

MD5
6d59babf93af73b4ea98ecf55c8cc3c6

SHA1
55c2a8fb9500a24d04abab949aa773c261c6050d

SHA256
4b6270b4a33ce3f19fe607b88c13f97e35c44bf0164c0fa4104e597663914c79

SHA512
00e4b1185b3f7be1fc1e3f9f0153e3c685bdebfc20b7bf2820967c6322a42d9f866563b0e7996161325a34fee82d61b229c1e71dba00b7bacf93ccb182fb0407

Download Submit
C:\Users\Admin\Desktop\ConvertDisconnect.ps1xml

Filesize
383KB

MD5
a0f2a5148a318437562d17cadd789e6d

SHA1
e3a679dc9db04fa9ab102990a048ec705f750c63

SHA256
7e83d9e8163c10527c755878a41318a39bc69ee907b2d770bdaa86f9f931cded

SHA512
f713c36db8ac19f945321e5f0073e61e6129afe26a8e9fec9939b68b2468de60a1464abc8e4db94a8ae151324894dbed8b57318b3abe0f7e4edb2df5253d6507

Download Submit
C:\Users\Admin\Desktop\CopyUse.xlsx

Filesize
10KB

MD5
29c14630094c9b47a67676bda815d7bf

SHA1
82363c580eca2c46cf67540379db796bbf927630

SHA256
ea77f949b264e6a60039e6e3d57c4a1223105f8305e4b66be72c7b35344ad933

SHA512
46c28754ab667159cbb688d0978571d41309aacfbb41675736d96a41828bf87b2fef18094341a8fff7e057b6927a7b5f34ede564e2d7cc4694a28990055b0876

Download Submit
C:\Users\Admin\Desktop\EditDisconnect.xps

Filesize
243KB

MD5
efcc1651ebf028becc845b711f9a53ab

SHA1
9b0c03084a4b84e89b8107044f87916a3f53df04

SHA256
f487ccbec3338e61e13a635e117c7882c3773029e2e438e62aa284d4ab662b2a

SHA512
41b13c1f376d80b85b458aaee47e04c39308c21e56269c080341c5a5210832ab28cfa7f2741b1f0015315a342207fc7b5dd1ce4779a07002bdd22d34619e6d31

Download Submit
C:\Users\Admin\Desktop\GroupUnregister.dib

Filesize
397KB

MD5
41e343bf77cc140c3e0cafb46d23810a

SHA1
bdc7603dc11ddf0fee47286136437d0402e31c56

SHA256
c290e5c587f9067d39240882eb406c0425e7e4304fc2050bbabc7f53419c064d

SHA512
532dd10637a5661e7c729d2c452bab0ee83a302480aee7dc47e9acb9faacbf59b9a7915769c16a712084f55c15433648daa941982db6b6cb03b3945ef77aae90

Download Submit
C:\Users\Admin\Desktop\InstallInitialize.ADT

Filesize
369KB

MD5
436eea45974ac3beaa12064f848791fa

SHA1
1ecc9e585d710d1633c50f107854460ad49ac233

SHA256
ad7286184af615fd1ab8cf52c2c58b380ab7a962e3b33f929675a486999cbca2

SHA512
e743f2b99e1d5fa253ab92ae3b275aa3dd1947f73456b236603a5f38b245422a5b6c936c5abba9bb12b38201280f59ebce0c78bdf03ad058ab2a94868ef20975

Download Submit
C:\Users\Admin\Desktop\InvokeShow.tif

Filesize
341KB

MD5
6d5492484bb1abb7401f99d1932195d0

SHA1
d79c1c9c4b2451f674c120dc8527485dacf3445f

SHA256
1027e02efff48d5ae170b7da20ed92fda996d1332e4a93b989c77895d7d30984

SHA512
8b827a93b32083442460b65163aa7bc7ef5f63cba89c8005671ed9379e2ceec728bc9e64f3c72b4b993a538bd8eb6c5f2b13002c13890e64a639f151d17e5f60

Download Submit
C:\Users\Admin\Desktop\JoinSync.cfg

Filesize
327KB

MD5
665d62d8c39d86996141b846c9d4adf9

SHA1
90b8a33e028049a49765c5656c4da8318ce5b2de

SHA256
6a65d83250b86b658ddcc97c560d8c4498913f62956f2e460e9c71e053ba7476

SHA512
f63291f1b68f094693226eab87a17ca947a2942015de06909645f3b18c341d85026f83f544dcd012b0e3acfacc4a492981e57edb6d259219c1fb04a537020566

Download Submit
C:\Users\Admin\Desktop\MergeProtect.wma

Filesize
410KB

MD5
79ae94d0ed95dfe7379e4791826a2d09

SHA1
af90a02b6c99ca115fe9eb1ab49c539dc243f362

SHA256
68b13c95f9267945f5b650e6a7cb613cf44455f858e0a4bf73ee40a84008e195

SHA512
94d4740aaa43ec688b65cc0f4a93017a1277c42780353e5ea8261106bc6a0a65920aa8d987770b18b572bebf5796160d231135d9796d2de75134c83ff9dc41ed

Download Submit
C:\Users\Admin\Desktop\MergeStep.vb

Filesize
299KB

MD5
748c322c378d5f8a768574fea83c54a0

SHA1
5c85ca99ffe44abeb16705e3863fddcc352048eb

SHA256
9977363947274dc68f1284f384929051726ad3cb61cfb67b97e1c9a49984b787

SHA512
422cce9c9a57cc0104b6aa5dda166f6ef6bf7867319616ce1ff6404ffd466b878e6aa5201fddb2d413bf86afc681cd1b694591dafc3bc46b54e03178250910f4

Download Submit
C:\Users\Admin\Desktop\OpenSelect.MOD

Filesize
313KB

MD5
e399163d7fa6dd463194cd27f8d96500

SHA1
5b55096a8d7b720b354e7ac4ff757e9e32dcb325

SHA256
910af924bf5bd8104aa31ffe5f7f4e9899464d12c9c96ab7898990a75d2dede8

SHA512
dcd2cd046c9c2d9a8ce04442777ad71486f0f5f10c4eadbc90a0e7e1f3c50e11ed655582beaef645badb7ead3490d9e27bb093faa300c2f484222c9d2448b1e3

Download Submit
C:\Users\Admin\Desktop\ProtectExit.cfg

Filesize
257KB

MD5
65fd3406cff947cceda5691dba173fdd

SHA1
6ff8fa2645f1e946a26f855e0b197548da9866ec

SHA256
8b2533ffd20be2d8a3aee4a98c6984e34a09eb7ff0b7169662588c3e82e43527

SHA512
d0f9e91d2c1a9fc932ecc9827eb8c35500235eae829f900039b4bfdbff20364d160196e3289c38120e882e91b086964bd31db378857bf8bb1005e4bfdcf212a4

Download Submit
C:\Users\Admin\Desktop\RemoveStep.docx

Filesize
18KB

MD5
6cd0fc0133ac5dedafffa67f3c18a462

SHA1
0c7d6b5d90871e165a7ddb5b7ef85bd0f7c3b774

SHA256
2f6bb86a9d624f376fd8c369632b47cccde348b7cb1d96536744ea65f77ead02

SHA512
7f0bbd3f8b1df7e259b1d2f32793442b7b6979cd569f786685bc6497f14b95c986e60d65c1502696240762602e642ef38c2aa6091d329fcbf3a773f440ec95b0

Download Submit
C:\Users\Admin\Desktop\RenameSave.cr2

Filesize
215KB

MD5
1275303388f04ba35451c4fd42cdc862

SHA1
96cfb7019de37734963c07200d07f1cff91ae57a

SHA256
aebe84eafb5a2c9aee98940c50819005ebdc0117db1432b1b41fba2b0dd0b990

SHA512
9c000f32c0d147236a210d58f0f6cabcf41fc3e9f5ed3f958a412f5d7e529fdb8c2bd41206a152985c16e1fe09cb4253a5acafb43eae91e7df5483b9fa3d9eac

Download Submit
C:\Users\Admin\Desktop\RevokeBlock.vstx

Filesize
571KB

MD5
320c67f6d215ab772c44a1d741246857

SHA1
6868b4ad42d9dbdd36d57127526eb06cd89f6c72

SHA256
8c160e954a5820434d1ae1475928d1d49e9778fead5c460f1e1ab2055fbd4565

SHA512
99855da75b0de8db3caa5756555e1f488c846aa59b304edead0e166046ea3d09b4b51de6739568ab8e9065e42a4834d706cdeb449f367361f487191b19f00fce

Download Submit
C:\Users\Admin\Desktop\SearchSubmit.asf

Filesize
229KB

MD5
233c7dc9cfcdfd01736c7761c4a388aa

SHA1
62450f161c41bfa517385b6081064c7d9b15b588

SHA256
d18111dab901b4e5c99871532ac9fdd6f8d119c77a2d21640e0fb456f7618808

SHA512
03764076dde95c6a43dae31193ca3d6035ce70253426a3fdc3704163c42840c98197a979ac8b4d504733d4db1b4ebdf3940cd4696797ab7a2fdbe5f6ba3b30b0

Download Submit
C:\Users\Admin\Desktop\SelectLock.ttf

Filesize
174KB

MD5
373ab861bfc97d84a38148f21cd29455

SHA1
929ac504f8f96ef5d9249e1388b3b8086194b85f

SHA256
b91d9d708bb26ce2f32f8b8b5f451bb9b08ac01755777a981389d64ba6d61998

SHA512
5e91b7ea048d56b17f97ed50448dc01c3d9d8064f25cd2d6c321a181f91537903225ad8feaea009632f23b5a9b27ad60da92fec4e72bc56f655afa2d39025914

Download Submit
C:\Users\Admin\Desktop\SendRestore.docx

Filesize
20KB

MD5
fdff869d648f20b5daab233cbecf8a93

SHA1
cacfc99b832c787c5cbb6c9fde68ac7acbd19590

SHA256
b0d82d57c0e5aa7f4d8773fa8efaac4868019f8a5db7ad05bd00cc92f61ec4c8

SHA512
8fe35321cc6af7e3b65cc37135750084aff312e8c24073d0d83a9b7563200f6dffcea3e07685e6d648374bc973807115a9a1a100f602362f246e7ee68eaa6440

Download Submit
C:\Users\Admin\Desktop\SetCopy.xlsx

Filesize
10KB

MD5
cd374c203781f41d77acdff091450f32

SHA1
4b26453ec5ed422ba7c8b4d765d4e873d75c23a6

SHA256
a5058ff7b832a8994b60697f810ed9a3538b6f1c83bc94a4b3521ce40e3d2db7

SHA512
37807766b8cd1f93eec2b69b04d6068145a288617b56427168a3bd360c6251a3d620a9a72786af2f01e39f6a099bd73e938ca31b4aeba0f729eb4dd43cc23082

Download Submit
C:\Users\Admin\Desktop\SuspendTest.clr

Filesize
202KB

MD5
e6671b84ac092db016f9e601a3f133de

SHA1
1d2b256087d6a56811c9184684756b7c36ad2663

SHA256
2e873557a1389b2e686d318c9c6e1fc6d5d2db45ddf8516b6eb69b904804a35b

SHA512
b4fd75a7fee0cafb3f1ca665e6b5049ba3077ccadd47bc139929bec71237ecb3f6c1bedef973020202d788073e140eeebd3f939c4d96790dd36e328110e7aa56

Download Submit
C:\Users\Admin\Desktop\TraceCheckpoint.xla

Filesize
160KB

MD5
786e3ffb5b4d520bc46cca41323155d8

SHA1
d1fe093154b143ee8b4e1696931e1af5e660a662

SHA256
6a6baa667650cb604fc952bcf4b67f9861f02f503d4bc38a6f6a6d045f81ef12

SHA512
f0cabf5786f4c087ca533ee66db9fbf256bdbc52a9b9c8cc5bef33a6ec417c1647d1171d1c5c06e2cde5eed1bbc06540472518b1a3f255e3371d604b2809e368

Download Submit
C:\Users\Admin\Desktop\TraceTest.docx

Filesize
16KB

MD5
13672abd7552837871f9c33941536e43

SHA1
ea1884ad1244bd269d079a6ffe3215aa670cc34f

SHA256
3d33bfdc09dfec8366824fad16742d3c987e0102dab5cb7c7037e83eb8c7e12d

SHA512
bd5c822a11993dd0ae21ae187774124cac178a128527b6db6f265f694b5498a1c806b6a8a12aac2ec3ddb4cca5d33faac9e338a3b41a2b984d508cd08d5e8609

Download Submit
C:\Users\Admin\Desktop\UninstallGrant.xps

Filesize
285KB

MD5
f92161b00b62dd53798048b41d8d31bb

SHA1
2fe6f7bacfc5a3e24c770197f73e4db6ce8d7b1c

SHA256
0e96da0cd38e1fdab8360578907a9c95eaad9aba65297d4aeddb7cbaa3721779

SHA512
647882456592201614de0afc4bf810d7d896de439367524a241a59a09806b75bb87cfe4bef329b529d9e7c29ad5969a20d0b9ce2d5298858b1347261debcfd48

Download Submit
C:\Users\Admin\Desktop\WatchImport.xltx

Filesize
271KB

MD5
ae28948616a3072089d135dd80fc67e3

SHA1
377a083673d4c4b293c07a9b69d797b079bbde14

SHA256
1b08c5b9b1c6d366c8621c1d099b932a4dd1418c4cc22b9ca850b90f5b1b74fd

SHA512
8117317738780771004203197bf8760b9660fc9178088f91e34f1b81b1e295a37adeb6b0fc42c869c806dd784b345defcc0b2fa957da196f617a29ea652e85ac

Download Submit