hxxps://is[.]gd/aFeQHv

Analysis

max time kernel
241s
max time network
243s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250410-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250410-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
17/04/2025, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/aFeQHv

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
43	2568	chrome.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2940_1788393323\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2940_1788393323\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2940_1788393323\sets.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2940_1788393323\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2940_1788393323\manifest.fingerprint	msedge.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133894012622813844"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3276626056-3619442337-829025701-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3276626056-3619442337-829025701-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3276626056-3619442337-829025701-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3276626056-3619442337-829025701-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3276626056-3619442337-829025701-1000\{52129444-27B3-441A-9958-3D863E8F12A0}	msedge.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
5064	NOTEPAD.EXE
4848	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
5356	chrome.exe
5356	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 2068	1120	chrome.exe	81
PID 1120 wrote to memory of 2068	1120	chrome.exe	81
PID 1120 wrote to memory of 2568	1120	chrome.exe	83
PID 1120 wrote to memory of 2568	1120	chrome.exe	83
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 5384	1120	chrome.exe	85
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84
PID 1120 wrote to memory of 2740	1120	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://is.gd/aFeQHv
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff905a5dcf8,0x7ff905a5dd04,0x7ff905a5dd10
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1896,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2092,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2304,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4276,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4284 /prefetch:2
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5200,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5460,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5624,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5780,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3348,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3104,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3352 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3388,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3080,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6120,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6160,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3392,i,2231054242813254680,3742253173650652186,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:2496

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:748

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5068

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:1132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\hola.html
1⤵
PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument C:\Users\Admin\Desktop\hola.html
  2⤵
  - Drops file in Windows directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x260,0x264,0x268,0x25c,0x284,0x7ff8e3d2f208,0x7ff8e3d2f214,0x7ff8e3d2f220
    3⤵
    PID:976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1800,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=2768 /prefetch:3
    3⤵
    PID:5508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2680,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=2668 /prefetch:2
    3⤵
    PID:5608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2192,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:8
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
    3⤵
    PID:1512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1
    3⤵
    PID:1532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5152,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:1
    3⤵
    PID:5088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8
    3⤵
    PID:3848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5420,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8
    3⤵
    PID:3584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=5772 /prefetch:8
    3⤵
    PID:2532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5928,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
    3⤵
    PID:4972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5992,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=6024 /prefetch:8
    3⤵
    PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6000,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8
    3⤵
    PID:3100
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5148,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:8
    3⤵
    PID:5440
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5148,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:8
    3⤵
    PID:5244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6120,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
    3⤵
    PID:3328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2492,i,5475733463367345467,773481703862711120,262144 --variations-seed-version --mojo-platform-channel-handle=1868 /prefetch:8
    3⤵
    PID:748

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1076

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\hola.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5064

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\hola.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\hola.html
1⤵
PID:1752

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5336

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4534a0794c95b29f1c3a0b6e4edb0ee3

SHA1
293e9a55e67d85aa8d76d8b59a47adbf4b6ad93b

SHA256
ab929b4441e7e30c1ff2c274b080ffeea4cc7d41e09cb7b2a7cf2cfd35f222c0

SHA512
537f9d1024aba356f9e7ca7365cf079c2c8bd744fbe9f84ce61852fd8f6455ece22ecd41cc8ff6dc267bbbad56ead076f0558e280daa2d6b5f81e9e4a8f121b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
f921020d74445e32ed73130357a4bd30

SHA1
b36d78af0e17b5b9053802abbc9ca0880952ea46

SHA256
b62c13ee4b21941a71ba3e1a70c6e87f7ff8fa3a5440bb5600b3a30a90194bf7

SHA512
a1543df3df0b9af4778854cb43654c1ba693ad06858ff85c3ce576f2fa3dbda40d3f5510c77ccc70648bbf5dcf849c1d1f25f7d6568967f1355ed28bd3c6d3d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2d7e961f-baf0-46d3-9ffa-913d0694b0eb.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
73eee8ac4fbba4b1e92ec5a0dfec7967

SHA1
e67b2c98893d8d66bb2a9b0bcfe42ccd4e41beef

SHA256
22ce1c72a0bde5d8c1235600bf54f4ff31ec71224991394a9cd8ed152ee7f7a0

SHA512
d936f25bcd65c5571cc0f722369cec0815979b0e1a37280bf939dba8497cac0358eabeee6b23f0e64039fcd09a7248abee1eae5fe697222f87099ea1f707f54b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9993a11bc2237dd6df2dc7c166c61940

SHA1
7b36e0ec17a5607f238305531fa0e2d19877fb85

SHA256
d77acea231e476f2bb2db410538fe64039814d2a0b301932a006f6fb3f8d1fb2

SHA512
f60a7208b329a369d4327cad497a69f99a7e8e83d9bbf7a21460ee678ba30fb6a1a9e3fd7d358d5bd336800790a16904a2add3320d5d9ddb5c10d3914c3c251d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
ec111a9249c4d8fa10286aa5c1a60033

SHA1
5c2819ced082b3b910ab18e577a54a6294a6a3b2

SHA256
3d7741b59852841cb7a5d0d0cbb16a3002129b544ee9b3027d59659ff8896121

SHA512
159ab4268162ac1f7fc94677353e2aae24a33d94d064a273eba71ca761bb10fd22cada61cfc6a13fc645815b61e2a1c0a95da0350ed9e85570e80e1dab6842d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
4c6f75f44a01c82b0371a0651e31c6bd

SHA1
80b2c7d35f583c07567f792a2f614a2b157d7592

SHA256
144832ffef49cd9aca415d3febadf50b1a5d295ea9ad3ed60eeba4b97f5fba60

SHA512
fb998827fd55631b6911ebac62b3d6e80fdf53ddcca45c63f42baa15a7b131441b5332e2b1294e3fdd54aa1b800ac250dcfeb3e84a2971be76f3385b56c8426c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ed814680476545ab3b7b48835b449155

SHA1
119234a78b17b5f2861ac04f1efc9fb5d616a1bd

SHA256
4e27545cd7235debc4c393a4293d6c7a516bc5794c5796ccdc92b11c6aea1bec

SHA512
a632942f964e5fd662a2b95970cd5368d2332aad86b865af0e4747b5199cd2c7c90a5fe83342eabea143061283762f6e98a7fc62e2647cc98c71c91abaed5092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ad7f0174c7fc06ff2d034d62604c1667

SHA1
8d905eebef843f994776be303c7b848767658f2b

SHA256
b164d3239a92026a6b36d8bfd9f317adeb6ce76ecaf1818d6352098727d55262

SHA512
d1d682583f46bf799813f07a38fe332b9f248e977d7770a1d03018df5842ce873aa97d02157d20af9b393bdf7a44a69c1b8b4fb04f0fc2263d9e710442a5e4da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fee2b2ec6f03548f24fd79174c64bed0

SHA1
905727972a5d04728ea3c5b674beb095bdebf1ed

SHA256
b09b44aa88960e08b0f7e8993574e2f59d1df29896621aa218bc0bb2f48eff0c

SHA512
6dbdf9017b9e111e594ef267c250c8b37dac809a165ef3cc7e1d541e789968c88807d81a6bafbd5efc471619907da506b702fbfff9954ca1476078486d71b2cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52dcff92b440df67a674aaa7c0921316

SHA1
6708df0ac5cdf16a03a956a7b2763cd48153e559

SHA256
aa0afe9fd98ec7eb538f603e056d18643224f1ed401afbf5676f118b3062bfd3

SHA512
c74eee70a497dfd28d3c664d3e209b6b3a4cd991061e1b7a1c678a3ab3b7c24e6d1865c509475b12beb556b378419c26ecb99305f355ea93664adb42d11ca873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
6cabc5d8576befc1c27347546363c106

SHA1
00c6360713bd7c113b625c2c9e69d6fd4171c642

SHA256
635f53b38ec962330bb94a5f8c276eaf9db9f0bc62b1303edef4f3cf7be5c676

SHA512
8d732085b260e1c8fdbf6dbcabeea9ce0026a2151f3a53e1544d73d5b27327ba7031da3a120a53bd3b045336dc33f8f6662322c93653ef7a5c2ae66e476062a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
dfd5926e3f6528f3b30cf065d50fdb2c

SHA1
0b23ad3058cdff4c800bdb3bd80a75ab00ed62df

SHA256
6b9bc4bc9fb0e50859dcec61d6a31a36821b3a4a4e2c627ddbf8aa64264ef2db

SHA512
a597ea3a550d8fa83ef8a11fde691168568cd5e0056d5e013ee0254c7bf646506d235bdf5eecda853cf6e9e9771d0be9ef0835a227318dafda4ae607e9339bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c92a58a3430f6841aa712c5a0ee3df5e

SHA1
40ad8dce2c492cca7ac13bc8f3aed0f5652ea29c

SHA256
2e6bfba382238a3eb6949a5ffee014f9289c8ef8563e44053f51efb273271f20

SHA512
253aa7a52eed660fcfd8ceb8e29daa52b0a67a2c06ba20ea4c35037df328387d3947fc3c46a40703baf940b58820395ad64777ac9262565d7a7cee380c1a03c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c98e7fa6447f45ef46e966073587f5a6

SHA1
787bb7b341fec757a96179e8395ae10dd9133873

SHA256
9af652a155c994b9cf8dbe237109ef65149a1a4a369926025aac35f3865770e2

SHA512
4d13b01693c25d6c4ae903ee4ded4d8276955a046a2ad9dff2b8ab509348af1b2f608ecda4d69ad3d7aae7831c2d74ace27501ea360e6e4c36580a51dcf8bf73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b7e6.TMP

Filesize
48B

MD5
bd55f98216fb57b36fab7bb2375b5d7f

SHA1
7ab632ae8af9bcef80972dc60eb36a4d5a4bf778

SHA256
afd88fe5da19fa6eb04b4c191d0d8ea74065f3eb4c6dcef5e8b9f7546bee26f9

SHA512
b6de1c9ee9ee0d7644fd3419ed8c9fbb3746b42859499cc92457b375b87971e4e1ce353ace6d1a6db3a075f7ac1f8db9fe86130f1265d60449e352b4b924573e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
a4e1f1d75c5241ed452b24672a9f19e1

SHA1
2a116ea5166886643fb438b1a193cfe8ac2d5b32

SHA256
60e0ec3d7cbb50fbb0d9a6f25129aac48346731a5562bd191be1cdbdc5532ca8

SHA512
fe2c8ac353bd3951ce77222d5d924625e0819694a74c5d79a33831a997bd24f14057276ff9404ba0ccc04183d1bbd0e1637b7116eda863f3844231dac01e6d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
a872f79e7afc813cc442ade9eee59012

SHA1
abdcac1e414d3f17670758fcf1437fc04ed10bb0

SHA256
f16085b1c39b4dfa8538e39071100fc96a752836dfab463c4c3518f7cae523bc

SHA512
e0cdc863793be86847f3364a46a92845066b0f1f0793a1f8fd5edbd716f0b80388b27e1e28da10c46943f7e468f5d6f709f3db8759834b4b6e94501e01d65673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
2b22bf799871049b17c244ae8b5678d8

SHA1
33c6699acb38b0e638e46e83e0ccf420a16431f6

SHA256
e174a81648a28b9c9812e3f1d21bbdb81be09c6d894e7e344167b0e08fc5099d

SHA512
a4d3add90ffda98b8b69cf0034299fed5710d4fb966fb982b475e1d142d30b5608052c5829a64c0fda755a1a0ca6f24a72c1832c2270552003372262fb626cd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
79aceb66de56ae2b2b99c1a208925b14

SHA1
b3c5db04889490b76902202fcd8452f2034d45c0

SHA256
3c5568c40147b676d03ff298f4cabb7d69e0b2c00b964c5b61c54a5983d1bad7

SHA512
61fc72c4c228b2b1b5e16ea8d57e75324aab7002de0c46cf2dc41a44432a1f15b75efc17d376f7ef47f947280a10fb3337fcd84afdf3a6fd5f8eb4cb07bedbce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
2783d296440d3feb152a840eb8bd5606

SHA1
0405ef81b6f355bed9d74e7cce5104a21a05cc6a

SHA256
bada4a1ada0c3fb7bcff2b4db110247e759b8b40cce0abf542a2d9826f674c05

SHA512
58c072340b5043eedfd8a0e3e9643af523c098d9e793ed1d84310841ed63e0eb1d36dda719fa0e48ffb9a4ef095464557ab8c244a22850660ec808f23f663d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
7e066718db90edb007301e8890f4d90e

SHA1
c604ebc45e8ebfeb51df75c45fe79b6662b4da32

SHA256
03d588e1c61fb060944232639360185a26ac2b9352e693effac7b21540a4ad62

SHA512
28cae9cc675d250cc66d04b371cc662f8949acfa683cb0ee3574a54d61be5033b8510e35832ffafc5112a7f6f7f4f15be1b384e01304001baa00c146ab8974bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0bc8e29dbfff94aba9a4fa7ec90e4d3c

SHA1
6ab03f2649d77317c7b161f565496eefd1b23313

SHA256
bb88f319f7ba0cbde05d97bb5d0bbbd73d7665e8fc488a7f0e0068e5e10b22df

SHA512
fde88cdd6a14121edb316a447236fad2c2c9abcab69da78ef61c409ee35785efa53b8e84b7be6eb24c1e9ea886a5e37699ff2a8899dcd55bc1246210c938026c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a3745e75f4fbe7a8f936a8224c6ba834

SHA1
1016e02b433ce53015ea2fbe88baa168a3c72c50

SHA256
719dcc55a6751abc60235bd8cda40242dbcb7b3e6a5d5bf79dc2f9fcffe500ab

SHA512
f293f7aa43c7ef56275cd413498d9052f1f226b6f5111d005014659a0e31a56102f85f871ea0dc70bb05c6422991dc93ab605266df9b06481eed417bcaa2aa6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
f86fe68d0c30c9b90932cd287cc2d809

SHA1
2ba5c266c1232e137ea4a1d5e62047bb9843ea16

SHA256
a5260f7c7aefa943206d1de5bae8bc3776e008e1d468e6e78be2202bc1aa886f

SHA512
faa1c111643ecfbc2fc649924891d34a53952e5791e96df2d017347549a23c54296bcdca5a17207d072fb9d82509d988b4484a939903331a796f27251a5dc82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
c1ab1b3e3ec711ee62b18ef8d62316d3

SHA1
e641312f8f0ac2905ae5f0a242a65bf94c58f201

SHA256
d64e33fd5a5ece4b1502f5327ab666fd7c450f80af054edf2446ef2762d9c264

SHA512
195cebc89fdc9bdf06f9629fe9dd3087f2d5f6b03aebb972692308a1c2b2a60f21b64182cd30bc2f6b9fa77c3846d0f213462f0ad7329278ab5702d1843d7669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
c248263129b23d380758a4bea409a3d5

SHA1
17d50146265064a5c529024f14aebd0cfb21f976

SHA256
165fdebeb1ceca7a4a573eb57571b07323b952672dce63618fe3484277f37722

SHA512
1bd29aca63de28ef97e33b720e69ec358d580b1543124a2729e91a29db07272dc9174d055f697e8f33f3a05052aa25ac3078d460953f424d08322f23082d9a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
31922b900ec71f130884181db99c051f

SHA1
4355b497c3b88f24a96423d5aa10e7c41e5c6770

SHA256
19a7612702228a88d0b916cb6ee551f907b1f523835e0a2f8d6bd681a15cdc8d

SHA512
ce9f847648d06d7df22836d6eccdc517eb0d5661d3888fa37e06087444a513882f4e333392cd77f17066fc388402e985e1350294ead7dcf37d8e62eb905867fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
3faa8b46696067a1fe065e2aacfd258a

SHA1
0a0be9921b578ce4fc053a0ea98d450fa04cb361

SHA256
81b70813b8d2eee64f5a7814627bd1ae6978c7ac138e3b5255343ad3e6ceac78

SHA512
e17d5c0714259fb8620756175d6f5aafebc4c5cca0e4b647bd7867c8635af5f9de5c39d168bcdab1b69e85efe03148fbfa42bc1f9401d16f012cf4c15218499a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
c14327e71d65b468d97130f3bddbf39f

SHA1
0de0b95a3dab154512e5c6486e73ee15502836bf

SHA256
0b1616ff0f9d388078339cda3179ecf7a5c788b0d73e2d05d1a31bf67729d91f

SHA512
e2c248eb990b14c54ed2862e3168ed3500644f327572dd274170f599a69110885089ce620adb1108d169104ee4dc471f9d271c0d70eb93af4729bc0cddbea8e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
62197f5aa0d68a6f7fd1643d75e3782f

SHA1
fe392f3e43712ea5fae229188175bd32348df0d5

SHA256
bfbdbe33f574683830ba5487e7b6f555ee63cc1f1f0b469bf65d53fa3edabfd8

SHA512
1a076204bec9635f57a981f04d5403a0c762f85c1609dc9cec4ce6b9ce9be08298d2a482a39a85a81ce62e56782ee9a6a134b39b2eb35ad0e73ad5e4ae360e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
fcbe0022388e9e7b43ddf4a67b7e2b3d

SHA1
808714b1fc49b5ddb47cf169eac5bb4e584f89aa

SHA256
4ee5988cfea8d0dada9811bf27eba3c0d12d3b77947678dacca3761dfa24a09e

SHA512
bee7ce48aff9f2ccda4ce73f0ed8a6f9098562d8a61fe8c76bf5c9a35f671cbb78a17691faed9ff47b3570f10391d4486ad3771621e5f0ba3d9446481bc0a142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
3cab22054d8ceed6a74345fe5afae374

SHA1
c2e74617da57d09de63ba7162a2936f5762fd0a0

SHA256
2222282ccac6ac91fbfb6b6fc02d8976e1b6311100344fe13908957aaac14662

SHA512
9aa691fa86b9b9e4a13df3021a2ee58f09155552e1ffede3ad0efb833695ff50b2c9c4bf79cd0b881e7d72ac546272b912d39723cd95677e871bfb8582c0aff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
80164555cf9c3086d00dc903dd0899ac

SHA1
8ebc1f658ae3ae7c25bebac3172fae04b5e3e6e1

SHA256
b1d7c0ac8585ab06997239611e96f0bc4eea03214512a0cc0ddd2f5829f1c594

SHA512
2b1dcf375d09ade68169efc9f6b2100901eb1352ad711a04e0fc798023532a9991eae9ce3ba7bbd97b2aea0d27bc1bff781aaaa0eff97c64cbecf91fbd911e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
63f443b4333932fa8c897fcef149c014

SHA1
d8f68ba36cdd55064636aabc98dbd8a51bee3d13

SHA256
6ea3d65d7f33d0a3636696b63dd63eb29b0b92c27660c73a5658d6144094715c

SHA512
7693bb951c9d0f085846da41d92d92e3e1cd4c06d62178bbca00a5f5b8a50430c5a9f6fa2dfa1c1bab0b2a28febde5f74099ee6911dbee0533e2cd534c38cbe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
77064b1808e482cedc67cc01ada72619

SHA1
13346b0ec3e5c8dfb298240d3487091b37433d00

SHA256
f88b2679ab5765096cd26652b72577d05534fde133f6db22978a5379029f75c3

SHA512
ac7b9120274cba3731ce6b8eae7c72bd6699dd9360c1bc432faab39d126b83111af65d93e611089769a578a7d60a6064041dac14ec06d502863f56734fcedb6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
752f97347bf466b1ecf3547fa938414f

SHA1
6895669d9c527017a217a774f1afdef78f068b8a

SHA256
406caffed050ae36666ec2c5f489767c3dcbb2e713c4e4c3348b5bdda7df4a5e

SHA512
a14f40fbb90e94fb1fb3d2baeeb5c53726124a06cdcd7a585bde63f029c322e23c6ad8fbb51484032c5444e580c7833d60efc9ac5688da4ee2e9c3f9a8dfe03a

Download Submit
memory/1132-293-0x000002BF41740000-0x000002BF41750000-memory.dmp

Filesize
64KB

Download
memory/1132-277-0x000002BF41640000-0x000002BF41650000-memory.dmp

Filesize
64KB

Download
memory/1132-313-0x000002BF51BB0000-0x000002BF51BB1000-memory.dmp

Filesize
4KB

Download
memory/1132-311-0x000002BF51AA0000-0x000002BF51AA1000-memory.dmp

Filesize
4KB

Download
memory/1132-309-0x000002BF51A70000-0x000002BF51A71000-memory.dmp

Filesize
4KB

Download
memory/1132-312-0x000002BF51AA0000-0x000002BF51AA1000-memory.dmp

Filesize
4KB

Download