74b5890f41f51c96efa8cdeb693fd95ad15e5dc523e7d75e2e101d7cf8b0a36e

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
10-02-2025 09:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
Size

482KB
MD5

c9640390f2987def34711b9c1f42f2fa
SHA1

bb8e1e1d5206e957747791670d980ea89d86bf12
SHA256

74b5890f41f51c96efa8cdeb693fd95ad15e5dc523e7d75e2e101d7cf8b0a36e
SHA512

50fbd697119a6c943e91f96698a158e27b454081d27145dec11f7a108ba4c37b2392276ccf29f4fb8acebd92a9abda1ef027d1fab0dfba39f41a2b3adf1cd01a
SSDEEP

12288:d13ak/mBXTG4/1v08KI7ZnMEF76JqmsvZQUS:3ak/mBXTV/R0nEF76gFZ7

Score

8^/10

credential_access discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
30	1372	Process not Found

Uses browser remote debugging 2 TTPs 9 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
4704	msedge.exe
440	Chrome.exe
2856	Chrome.exe
1380	msedge.exe
3892	msedge.exe
2664	msedge.exe
3176	Chrome.exe
1836	Chrome.exe
5020	msedge.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
904	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
440	Chrome.exe
440	Chrome.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeShutdownPrivilege	440	Chrome.exe
Token: SeCreatePagefilePrivilege	440	Chrome.exe
Token: SeShutdownPrivilege	440	Chrome.exe
Token: SeCreatePagefilePrivilege	440	Chrome.exe
Token: SeShutdownPrivilege	440	Chrome.exe
Token: SeCreatePagefilePrivilege	440	Chrome.exe
Token: SeShutdownPrivilege	440	Chrome.exe
Token: SeCreatePagefilePrivilege	440	Chrome.exe
Token: SeShutdownPrivilege	440	Chrome.exe
Token: SeCreatePagefilePrivilege	440	Chrome.exe
Token: SeShutdownPrivilege	440	Chrome.exe
Token: SeCreatePagefilePrivilege	440	Chrome.exe
Token: SeShutdownPrivilege	440	Chrome.exe
Token: SeCreatePagefilePrivilege	440	Chrome.exe
Token: SeShutdownPrivilege	440	Chrome.exe
Token: SeCreatePagefilePrivilege	440	Chrome.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
440	Chrome.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 440	2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe	93
PID 2740 wrote to memory of 440	2740	1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe	93
PID 440 wrote to memory of 4896	440	Chrome.exe	94
PID 440 wrote to memory of 4896	440	Chrome.exe	94
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 4984	440	Chrome.exe	96
PID 440 wrote to memory of 3552	440	Chrome.exe	97
PID 440 wrote to memory of 3552	440	Chrome.exe	97
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98
PID 440 wrote to memory of 3728	440	Chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe
"C:\Users\Admin\AppData\Local\Temp\1739178544fddf70426d254d1190ae60a70360d66d18140b9726d9aa91d249134723844c49387.dat-decoded.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files\Google\Chrome\Application\Chrome.exe
  --user-data-dir=C:\Users\Admin\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
  2⤵
  - Uses browser remote debugging
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:440
- - C:\Program Files\Google\Chrome\Application\Chrome.exe
    "C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\TmpUserData /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\TmpUserData\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\TmpUserData --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff727ecc40,0x7fff727ecc4c,0x7fff727ecc58
    3⤵
    PID:4896
- - C:\Program Files\Google\Chrome\Application\Chrome.exe
    "C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,16803587404732257678,8433569402035228664,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=1912 /prefetch:2
    3⤵
    PID:4984
- - C:\Program Files\Google\Chrome\Application\Chrome.exe
    "C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,16803587404732257678,8433569402035228664,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    PID:3552
- - C:\Program Files\Google\Chrome\Application\Chrome.exe
    "C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,16803587404732257678,8433569402035228664,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=2428 /prefetch:8
    3⤵
    PID:3728
- - C:\Program Files\Google\Chrome\Application\Chrome.exe
    "C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,16803587404732257678,8433569402035228664,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3200 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:3176
- - C:\Program Files\Google\Chrome\Application\Chrome.exe
    "C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,16803587404732257678,8433569402035228664,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3256 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:2856
- - C:\Program Files\Google\Chrome\Application\Chrome.exe
    "C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,16803587404732257678,8433569402035228664,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4576 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:1836
- - C:\Program Files\Google\Chrome\Application\Chrome.exe
    "C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3708,i,16803587404732257678,8433569402035228664,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4352 /prefetch:8
    3⤵
    PID:2944
- - C:\Program Files\Google\Chrome\Application\Chrome.exe
    "C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3780,i,16803587404732257678,8433569402035228664,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4816 /prefetch:8
    3⤵
    PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  --user-data-dir=C:\Users\Admin\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
  2⤵
  - Uses browser remote debugging
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\TmpUserData /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\TmpUserData\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\TmpUserData --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff726a46f8,0x7fff726a4708,0x7fff726a4718
    3⤵
    PID:4176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11413978836257355617,13645588574523816459,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:3664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11413978836257355617,13645588574523816459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    PID:2652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11413978836257355617,13645588574523816459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
    3⤵
    PID:3576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9222 --field-trial-handle=2136,11413978836257355617,13645588574523816459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:3892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9222 --field-trial-handle=2136,11413978836257355617,13645588574523816459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:5020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9222 --field-trial-handle=2136,11413978836257355617,13645588574523816459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:2664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9222 --field-trial-handle=2136,11413978836257355617,13645588574523816459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4704

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjYxQkVEMDUtNDYyNC00MTVGLUEzMkItRDc4MDczNEI4MTk5fSIgdXNlcmlkPSJ7NzIwRkZGOUQtRDQ4Qy00NzM3LUEwQzAtRUI5Q0EyMzQwMTBEfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MTQ5NkY1MEQtODdCNS00RjE0LUE3RjktQzc2M0RGNjlCQ0E4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY4ODkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTM2NTgwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTU4NjkxODQwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:904

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

T1556

Privilege Escalation

Defense Evasion

Modify Authentication Process

T1556

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Crashpad\settings.dat

Filesize
40B

MD5
f9281ee1eb0be5c56cd115257c497922

SHA1
5ee9674d5e912d4ca141731c145e433d826367ec

SHA256
e36d6f5274eb6d07392e02800a88041a33539670dedc4dc517e0aefd93f30935

SHA512
d3fdfd1197f0c182a09564528628d43b64eff4919f3b688c4fb997abe90fafa9b35dd9a459b5e1c064f62611dedd71bc1a2aa7c9de3de308b0f5dd61bf33e166

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Crashpad\settings.dat

Filesize
152B

MD5
3276ee0c0622e88ed7e10175587ad5fd

SHA1
dda902f0fef3935faaa5bb1cae35d0e945b72ce3

SHA256
a2a7af07bd6b73a4aaf023e03e680257e3bc619d7d84186a1ec921f2f5f12bd4

SHA512
c41facf18c68f520416f5b8bf0352d9f9a4f3f3cea5e397886c62abc939fb8adb911a1a7c7bd7e2f803fbfd16f54d49931731c232217c471d72c31de23e615bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Crashpad\settings.dat

Filesize
152B

MD5
e152fda249a32cb85797c8882faf5b75

SHA1
79264bd094fb4e71a1f6e5c2b2555c5e89cdf596

SHA256
b5bf6c851c6c2c58a4ba58594126e211bce8fd4b1e3735475bfa173226b38fec

SHA512
dc5865ea6073fdb324c12ccecedd1677ceddce6c26cc30c07f8bda5b54c25d2b7943673a6035cbbc9c19872d1d9853fc27de866a062b0e7b9b6dc64940d8cb83

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Crashpad\settings.dat

Filesize
152B

MD5
e2f0414d3a8f7502e26f75af4d2a04ff

SHA1
da693dfc05fcf3442ac3e2d53d9e9591355e8b37

SHA256
1791231465c3fa4dbf99ed9eda0b37ab3b69bb02dedaaac1b106f30c57adb980

SHA512
6a570bf3a2a91a2b597fb87ec36d31135dd916f07f4a183a8dc9f969347d87b37d9281457ec4f57c3a41fad51f56f21a6d557048bee8d0b82ab652a17448c86b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
901547431f1ca31eb15f6746a330af71

SHA1
badfa9afdb8f768175e19f6fb438cbacce4fee09

SHA256
ec2779198a3926cc43488af4fb7336f6dd746beebd532cae17eed1b6425ab7a4

SHA512
47c000ae7d7565ec47272e35d3db326511d18a5c41c5a35223d87f49609661750d54f0d8411dbe98ba0be04462411066b108678e8cb099d649157a0a15b30ac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Extension State\LOG

Filesize
263B

MD5
50d99a365ddeb3b323b6f9a06c75dab4

SHA1
d21822f1fec4c3b52a5f79800f3b0f89978b1ef6

SHA256
cb66bf066d35a49259b9ec6874135bdccca0bc9ef32070817b3d9517d0e8f180

SHA512
3c8292024925e0c00bd2fcad1a68a2b4aaf657b7e31dabcf54df8cffe12374645109a9ffe579f936ee94dc9fc0c2360aaaf1c25f0eba73d3d967a82347aca3c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Favicons

Filesize
20KB

MD5
b40e1be3d7543b6678720c3aeaf3dec3

SHA1
7758593d371b07423ba7cb84f99ebe3416624f56

SHA256
2db221a44885c046a4b116717721b688f9a026c4cae3a17cf61ba9bef3ad97f4

SHA512
fb0664c1c83043f7c41fd0f1cc0714d81ecd71a07041233fb16fefeb25a3e182a77ac8af9910eff81716b1cceee8a7ee84158a564143b0e0d99e00923106cc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\GPUCache\index

Filesize
256KB

MD5
c7db85e005d144cff0eb1a767763406c

SHA1
ac1890884a2c9d0fe25d594e7fd51fd89c5d5f0c

SHA256
89c9e83defc6def25bb30382c2d636f509fa94e68d8c5928405fa7d5aa412a19

SHA512
8f1dee29cc82a74c3d06035f12989e951bf16ea6287fe004867153245d21f0c07f597d56ab75c33d81be8415877905a3dd64eca8243ba204cd40b2b4fbcc0067

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\History

Filesize
192KB

MD5
d30bfa66491904286f1907f46212dd72

SHA1
9f56e96a6da2294512897ea2ea76953a70012564

SHA256
25bee9c6613b6a2190272775a33471a3280bd9246c386b72d872dc6d6dd90907

SHA512
44115f5aaf16bd3c8767bfb5610eba1986369f2e91d887d20a9631807c58843434519a12c9fd23af38c6adfed4dbf8122258279109968b37174a001320839237

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Local Storage\leveldb\LOG

Filesize
275B

MD5
9859f283fa12e54c65a9599b48d65622

SHA1
784ad7d35fe35b7c55825f900da13d722985fc86

SHA256
b920f0c8950c78d9407dc62e7e428437ae72d4726a194da4090c378f702f6ebb

SHA512
bd284e86a9fb1c9f26e492a8e33cbeaa57ac951cf902314bb6a580819149019b7c5ec4b13627d12c9fd54f122f8562dedfda205a98d3dca5e761159e49bd5cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Login Data

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
296341c04c34a863b2a971f4eaed4459

SHA1
8782d1a290444ae3eba4938010c1a7aec6e83908

SHA256
f980b529b77aa03c340410777bbe54b82b5c22823f4b8e6136866b84748aea57

SHA512
accd83719cd3f907bef3bc353fc607fe2be26f5848d24eb8f2d06bf0149819928903c32a4d9efbdc5411eae21f28aec4b8f71d0f697ff2a1cf9ae0612d76a93c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Network\Cookies

Filesize
20KB

MD5
09d6dbfabe19df60c3998b9692540c75

SHA1
da835b403b6662386df0f7bf9b9e02233498de82

SHA256
c94c17295b7a4d73ea11cddfabdad53ac1cedb9e36d36fcfc41e3869fdbb39dd

SHA512
4601fac727ae42e2f32e6ab71d3233585889b513ef47049e3943d98bdde9bdef6b31c7d9412ce530abb941aa67c44965061a74dd74aae01a886af0917cf144cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Preferences

Filesize
5KB

MD5
82ef412dcb4365efd9a8fba5acb7c354

SHA1
3402ccff4e83eb74d1837de9981dc4569ad97898

SHA256
119f65fc87a67d7239e07817cff92a14e07b21525a7355a87fdf2e8ef176c9da

SHA512
cebff2086220cc5f9e5ec26822719b794012403aa79e013e0e4d193f546e7b0579d34890942125840389751fb4bab63de0b3884c9feb0baeb52ba14059d3b5b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Preferences

Filesize
1KB

MD5
5469cf021ad87838c8b17707f07ba63c

SHA1
ed8dababf0cc62fa696e2d197b926c8c13ab2ef8

SHA256
71b3409c29bc768c7aa85b8ece66cb742411599dd9b5fb8bc363a66e47987baf

SHA512
59a6eeab30eeed3bc130e498760158e9e6d010215962c0b2b5a3c1754b2f7e7ba4a43142022cfe5a505f3fe7a4e5335931c2000983f766fb0cb5ad05d125c764

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Secure Preferences

Filesize
24KB

MD5
80e6fa3509b0ecf50ca2ee2ed6b6bcae

SHA1
4280efae69dac4c15505d78e4b54e72cb28ff0c0

SHA256
0d1845dbc8414869b8006f0dec3f3ef6a7839395f0f2f1a42e062d0e68a64d0e

SHA512
6973377098351d452cf49e7757a041967bcc186e7c609d019416bb615a819dff9097a5d6df3a6d1becfdb5f431dbd21fde2c7b3df0c8647e7f83f16813a789bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Secure Preferences

Filesize
15KB

MD5
b53116e7f882be6626b5d83c8b8fa0d1

SHA1
ef0c131c95bf04af6b32f015307e346d630e1ef9

SHA256
9dbd5166f6bc7235eb157b157d139f42a3d3b99e330c1b327de66a9e1ba3981b

SHA512
093610da8106581c6e05b271ddb921ac9fb6dc8b61265f5dc8605c92ebc3b56ad683f5562b0ffe0c1252354b37836a81bf8fde3e5f7c505ab47b7d3e34fff81b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Service Worker\Database\000003.log

Filesize
241B

MD5
9082ba76dad3cf4f527b8bb631ef4bb2

SHA1
4ab9c4a48c186b029d5f8ad4c3f53985499c21b0

SHA256
bff851dedf8fc3ce1f59e7bcd3a39f9e23944bc7e85592a94131e20fd9902ddd

SHA512
621e39d497dece3f3ddf280e23d4d42e4be8518e723ecb82b48f8d315fc8a0b780abe6c7051c512d7959a1f1def3b10b5ed229d1a296443a584de6329275eb40

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Service Worker\Database\LOG

Filesize
279B

MD5
ffe76b014202f4215a22d2e2140db885

SHA1
14ee500767230f1050e3921a901501e7a3febd84

SHA256
f19558dc85a56cb825dee3774722296466ed702e16822ec151eb97e87a5d939f

SHA512
f58763c29f4a657a89728be39e28dd36215d06cc458a8aeff8bb5da359dbcec11f1dcc7359324c56d527d81f328e88d364e801176c009df489f2cd98d71314de

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Session Storage\000003.log

Filesize
80B

MD5
69449520fd9c139c534e2970342c6bd8

SHA1
230fe369a09def748f8cc23ad70fd19ed8d1b885

SHA256
3f2e9648dfdb2ddb8e9d607e8802fef05afa447e17733dd3fd6d933e7ca49277

SHA512
ea34c39aea13b281a6067de20ad0cda84135e70c97db3cdd59e25e6536b19f7781e5fc0ca4a11c3618d43fc3bd3fbc120dd5c1c47821a248b8ad351f9f4e6367

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Session Storage\LOG

Filesize
263B

MD5
2e4e361dca731a19bdeeaa4a4cbc0a82

SHA1
5f3ef097832f2bf77df19c21b91f3d3bde152066

SHA256
3ee207fe4690958e98274cb2830672b4be82c331e0d2056cc37fdcf35ce31dca

SHA512
f15fccd1f026bc4fb4be7cc6059deb1ae894b1d07d3ec5443fdeb48e2c02b88092f0f58b89902e59af2538ede08945a7c9be6e56dd9e3cc836e4973b8903652d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Site Characteristics Database\LOG

Filesize
291B

MD5
f5b81291567feb3fcabe8580c073d64f

SHA1
4e648194e6c19134b708882922069870b2ca6795

SHA256
2aa2b6a451a1e2cdb65031b51efa25d14672658d086bd992f18ba3c00e5ddc2d

SHA512
08255dd068e6fe39c74b991e2291e6d27960c0e9ab4089c3a9f860646b06effe45ba2c88d9ebb962a0b41791cf79b2c65cb8f48a109499bb49b3cfcb70fafd20

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Sync Data\LevelDB\000003.log

Filesize
46B

MD5
90881c9c26f29fca29815a08ba858544

SHA1
06fee974987b91d82c2839a4bb12991fa99e1bdd

SHA256
a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a

SHA512
15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Sync Data\LevelDB\LOG

Filesize
267B

MD5
1d8891b8acd788485158724c1b1187d1

SHA1
746ecd744ec85275ddb4aac307b69330608b9528

SHA256
150ca70ff0d82a257732d26c5be1f6dc7c992bb028fcfa5013453e662a5f0975

SHA512
3531cebb25f39b76354051623f01f707fd427da774185ab9490e4f6f98a798d149dc39973f7515d51c5ba289d317926b71f7d8fbd14765302df3fb8f8152a3b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Top Sites

Filesize
20KB

MD5
986962efd2be05909f2aaded39b753a6

SHA1
657924eda5b9473c70cc359d06b6ca731f6a1170

SHA256
d5dddbb1fbb6bbf2f59b9d8e4347a31b6915f3529713cd39c0e0096cea4c4889

SHA512
e2f086f59c154ea8a30ca4fa9768a9c2eb29c0dc2fe9a6ed688839853d90a190475a072b6f7435fc4a1b7bc361895086d3071967384a7c366ce77c6771b70308

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Visited Links

Filesize
128KB

MD5
9038d35b44c0b6aafa502086edbd034b

SHA1
e860f39c98c0aed3e416347d6e1d00056af5c9ad

SHA256
433c5cf68c5272fe23ff37f58cbf204a812b127e452534e4eca8c0482b1c9fdb

SHA512
c126718c0bc9f89a24674cc7cf842db851429e40210402fbf4552904e0dfee0b00f556662ea48021bd8e7b9353baebb94fab3e221f3b8b2a2a452409f0313125

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Web Data

Filesize
114KB

MD5
cd681132a5daf8e5e4d9e683e1b53f7e

SHA1
cff0c0752a7acc03b37a22b9779d92e11950b171

SHA256
c3f5606b847560ba0535c1ac8a6fbd5ee601f79cb3478818c44d4d93b0113873

SHA512
f827fbbb32fc9588d21a24733c2d4503b66f1bf4e43ecd39743cc3d8af65074224520fdb9045dd1490d804d71d63455bc3da1530bce75f5371f9b11bdbb38a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
3f01783c2162594c8a5f678d8a54c306

SHA1
6f22cff46013b1c239647530d33771f4c51d7be0

SHA256
2c35eb8a172f147073ec3c3df29ec44ba9a00949aa414dae538be74fcc09b902

SHA512
8ba5f3278eabbb9e9ac6b24f90fb01d9d0e249a3e27723b8905caeb958c373ab14947dc526f6b12a2c43cd1310b015215006c910ee5481576dc7048bb8f46d98

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\shared_proto_db\LOG

Filesize
263B

MD5
861e36337102e720b3aeb2576c2efb7e

SHA1
b9212cfd167784db9bf64a351af3c00011cf4c2a

SHA256
9d28d673665797cc4a03cadd367b0a0b149c95b6cad1c32009cec0dd42714f31

SHA512
9f03135fb0aef2a3ead57e09daff98fd3f1501379c395b75716da0ebdb7885da487899622b1c37f63103351c5bb08d28228c284367844f59b79c57480acff8c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\shared_proto_db\metadata\000003.log

Filesize
682B

MD5
4e1ed71cb15874e0f3b297dba0af7fa8

SHA1
0971a58c55b34b14ecf8fad356e9e31c26c4e696

SHA256
800611cbb21e49fda3dedafa6b8d1ca31bc253c7dbfdfae0ab3fc27c49c56068

SHA512
770fdc7c0417ef711248f9d83d90599b370c9a9177c6bc9312b48a7980729409163d30fb7d7c96cf40fa2379313501950d5f4bf00ccc15d04cd31b643b60bb52

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\shared_proto_db\metadata\LOG

Filesize
281B

MD5
cfedd5495b1f26384ed7c00f2ba82b03

SHA1
9313c21ae838cccc5b45ae4f8981f42f856fe2bd

SHA256
4519a31aaf48a9fd8a9d1322655ddc83ed951e850a73d30e56f4f98b4e38a523

SHA512
7b045f310dc37bfab9cbb1af036ada92d28c21b23f11dd0c2b28d7dd814fb91709c5c8c6a7669e229cb67d8f84d97a8af99b624b485dd3a5b24d3eec17757c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Local State

Filesize
126KB

MD5
2c2ead4012013c149083b07866faeb22

SHA1
32aa474da61ab48eb1a446e6b8124107e0c1258c

SHA256
d5fc81e47d6abc00c6102f83eaf9f5c7d16c4e6c0787deb1dab3c91e329facc8

SHA512
4fef4051e8cdf2dbaf2803da31f9b44a5d3d18e59eb6d769bd20580d4d624fcb18de777b2a6589ba698a6a6c3f7d0876dad4b616f97a367ed17fef84d6743253

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpUserData\Local State

Filesize
8KB

MD5
50a1c4e25ddb595720149017d3086870

SHA1
ab2099a45c126fabaacdc5b1265d39ba85cf2d67

SHA256
794869333573fa63f9960d81430bf07ecc5c0de1f6cb48fc54635eacc18936f8

SHA512
07f7eae81e50ca3e91d77978c739cb7df4b70121f84623e3a418002a236474a9d05a4acf49e7f4fb36f7118ad464a5231e7235561397c7306f293338f1db5f6e

Download Submit
memory/2740-147-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/2740-4-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/2740-2-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/2740-5-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/2740-7-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download