hxxps://google[.]com

Resubmissions

22/10/2023, 15:51

231022-takkssae3x 1

21/10/2023, 14:02

231021-rcar9sfa4s 4

21/10/2023, 12:50

231021-p3e4kaeg2z 1

19/10/2023, 12:13

231019-pdqtrshc44 8

Analysis

max time kernel
61s
max time network
46s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
21/10/2023, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{D5C16419-B70A-4606-937E-99F0C7DAEF41} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 14d456402704da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f23497402704da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4308	chrome.exe
4308	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
820	MicrosoftEdgeCP.exe
820	MicrosoftEdgeCP.exe
820	MicrosoftEdgeCP.exe
820	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4500	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4500	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4500	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4500	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	816	MicrosoftEdge.exe
Token: SeDebugPrivilege	816	MicrosoftEdge.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
816	MicrosoftEdge.exe
820	MicrosoftEdgeCP.exe
4500	MicrosoftEdgeCP.exe
820	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4308 wrote to memory of 404	4308	chrome.exe	78
PID 4308 wrote to memory of 404	4308	chrome.exe	78
PID 820 wrote to memory of 3988	820	MicrosoftEdgeCP.exe	75
PID 820 wrote to memory of 3988	820	MicrosoftEdgeCP.exe	75
PID 820 wrote to memory of 3988	820	MicrosoftEdgeCP.exe	75
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 1912	4308	chrome.exe	82
PID 4308 wrote to memory of 2940	4308	chrome.exe	80
PID 4308 wrote to memory of 2940	4308	chrome.exe	80
PID 820 wrote to memory of 3988	820	MicrosoftEdgeCP.exe	75
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81
PID 4308 wrote to memory of 1952	4308	chrome.exe	81

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://google.com"
1⤵
PID:5056

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:816

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2352

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:820

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4500

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaea6b9758,0x7ffaea6b9768,0x7ffaea6b9778
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1840,i,8899680205889797759,205175885671872114,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1840,i,8899680205889797759,205175885671872114,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1840,i,8899680205889797759,205175885671872114,131072 /prefetch:2
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1840,i,8899680205889797759,205175885671872114,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1840,i,8899680205889797759,205175885671872114,131072 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4076 --field-trial-handle=1840,i,8899680205889797759,205175885671872114,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1840,i,8899680205889797759,205175885671872114,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1840,i,8899680205889797759,205175885671872114,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1840,i,8899680205889797759,205175885671872114,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1840,i,8899680205889797759,205175885671872114,131072 /prefetch:8
  2⤵
  PID:5072

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaea6b9758,0x7ffaea6b9768,0x7ffaea6b9778
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:8
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:2
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4480 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:1
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3760 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5076 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2112 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2696 --field-trial-handle=1696,i,1940294180074806465,16295091436297858390,131072 /prefetch:1
  2⤵
  PID:3556

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3644

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

Filesize
114B

MD5
06e76e71fd2d6006a646081f1d918f5e

SHA1
eb6a5eb7fd342587ec75b4fe359cdb21e29f6735

SHA256
21ccc9b9af25d7becb6f322d24c5670809898ebdd36e561c92df28781bed0fff

SHA512
412ef4dd71623fe8fe63326898c171b1ee74f828495da8d84011567e5dea54f7eb297bf33d9fbb6b0fa0006ef6d3a7f23ac61e146fc4b2f4f5f18f5d8ebf51c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\4642880f-0165-49a6-a3c7-53807cc1fb7f.dmp

Filesize
1.2MB

MD5
16efb6108ec8ba1c7ac37ffcef459b2d

SHA1
30068437a830c402380a35c692840b33983fbe6f

SHA256
f147706f0d8f8f2ebc8a404285c6143f7f90da8d909168c0a7fcf97285ec0aec

SHA512
3c58d4273235e9afad276e77f898457edcda0e53a52bda236ac9913ab36d0f72cdb4c424d44d7724cc948eccf67e9771019e2fa17938f89deb20df182b49fe59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b73d65d6a4e82f58796cb7ac482447af

SHA1
4059174dd23fc893f9ab5ea5fc474d10beea749b

SHA256
c9c5361fc95e2e4143099b434ba18a0ce96d3a04836a9fb3fe0590c7da50d7bd

SHA512
4eeca95f0f339c95f38d82d8a25cd8692c0857f8f68027f0ddb508862086a0131bb4ea30dc67e158d1de5db6c31fdbb44a159c5f4b85e6aa49bcae552a819c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b73d65d6a4e82f58796cb7ac482447af

SHA1
4059174dd23fc893f9ab5ea5fc474d10beea749b

SHA256
c9c5361fc95e2e4143099b434ba18a0ce96d3a04836a9fb3fe0590c7da50d7bd

SHA512
4eeca95f0f339c95f38d82d8a25cd8692c0857f8f68027f0ddb508862086a0131bb4ea30dc67e158d1de5db6c31fdbb44a159c5f4b85e6aa49bcae552a819c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
752a379196b634eb781d5c6648b27bb2

SHA1
454c02bc34643000d8a18f51281ceed93b20b073

SHA256
5672c39ce11dc5e98158faf023d7c83f52ae6a9c9b0fb773f708ae47c2cd2c56

SHA512
dba0a7e6ef128f275b11db42d94b0443bfb705b8bb8a7f5a9f5d36c7259ab8dad3b33f6f75f53f9184a4a51232bbf2f5b192ce257ce262d3a6c0624ff2086241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
ae86a84f7f8042ed7116e368857ce384

SHA1
172d980e78cd6dbb8a31848d1a5c81aa32fe7c49

SHA256
a282ddbcaa7ed152ce32082cc943489ed5fdf5efd5fd5f1ed9fc181866593dc3

SHA512
2dff14485e61a717406015f0019b3e1ed3ef06c80c0b7c01e08335efc4427c2b4bd5c0ac4f50629ef2a8ee795625e6f13992b1149abe7807057009765553cb8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
e5614f5d6bcaa83b3f929a709a730935

SHA1
839a4b5b24afbe249b0dec320e30ef02440afff4

SHA256
abae41253bb77ecbccaab8f8f1dacc82fb80ae2422b03db77080fe9daec7b928

SHA512
d5d6f26068afca66d97aed8c4e91f84e4ff2f93cc749bf94c418b120343a4f0f985ca25a21fa960d7fa700df5040aebaaf94db23568a40db6707a2b9e754c19a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
fc3e442b7b6dff0ccacbdf1cfc3ee606

SHA1
624668b8709a1cb4be0dac5969148f65e1e09fcc

SHA256
235c5f408ab384c39ebe3d9c4a30d61f94e353058d6fdee731dc99a599a8c514

SHA512
5e84650bee257285b0829fa9a9096b567893b1b6b7206fba788144abbcd179388408e1fe878baf0c32aeeb90dff0f86155882f421e7b661c9dc48ab96aa7350b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
43df9cd5684a2401f5fa19ea1ee239a1

SHA1
ef481597f85aff41eaec4b96c71602785cba6c7c

SHA256
67f324f1e3da7780b9198a55f6ff7a9f99ce48ab93dbc6274f20e5794d7c556a

SHA512
8ed3dd15a9dfa2844b8d99847b453d7280b8b9898dc653eeac48c436d078ca93f6542ecd6df5170143e93ef611bfe05e2f0f3ad171d1dd753473c8783f2f71e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
be77898c4a305dd661e751d4a2177ec8

SHA1
1278ec3e64694f7fbfa3f68223395115188434ba

SHA256
8aeebb3d6c99c0bb54a537cd18dcce41ecb45d895202bf2b60b26880dbcda359

SHA512
d3e9990f7f2d6b3c0d21dd94ed7d10de914f43814a9e0d0c46f9fde0410ac2a4122eeb519c67e77b3f28bc470738f7ea270df6cd41a478d4bcdcfaed37ffc35f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
51fa3172071694448c8f0916c9ffdc39

SHA1
34b1a957313f1eba400883dada84b9d3190873c2

SHA256
99bfd83589cc61d56fe36fb2fa9b8d28b7c9cab06389567b3672d9d2f53d9de9

SHA512
32f79f6e07120e27a0affab88a6b4c7609eeedd55d044cd25beda06a77aa7fd208ed897d81f737766ad303608f7eb1c37319d32a43e746929f791e1ebc3a2947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
be92a3302ee06c418f2c9c334e70ff43

SHA1
3a5812b124c94ea0199b02cf1674ebc8fdb25559

SHA256
d0202cb91ee3d443d5a3b00870aa8869fd7ab837f0e2cfb94db9c91863a253c1

SHA512
1e5b7e3bbf38937510fe40807f6024ae4c9c24a4095db71ad736f6a456df493617db7abf6c3c93af8231c8550dd34f86c9a507ee1508e4af9c191135b5c30396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ad3a225be11ea02c0c48862ea4ef9a8e

SHA1
5461a45d45b2b9e15f45aa9727d68990879232b8

SHA256
50088b1201dacf80cdea0d841e408d77738971cab7fe0db015e2719dde80e937

SHA512
628a28a9dfd942a7c927f0b8518fcb8e1e8c9685ae3212b0331a1c002ea71495a0defdc5d2d23b611c3ea98bebcc0052e4d22ddd494d7f22f6aff5d06a779b6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1ae639c72416f4ac03609104dbf8d72c

SHA1
b7237834e77a76823641f40e54c52556355ac06b

SHA256
f0ec459036d648b27e3ffc454161aa16ce05705d96440832239ecdf379bb3093

SHA512
9e675cbabc602c2da74fc7163ef6d2c7aa158d23dbab6db7cbe3a3e395113988a9b33db4ddef9a7a172f8f6179e4344f5f593bd2e31c5f2f344c3ae00147c3e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
194B

MD5
d7d9437445aa960dcea52ffe772822dc

SHA1
c2bbf4ac0732d905d998c4f645fd60f95a675d02

SHA256
4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1

SHA512
335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
ddcbd1c4650217f6359a2864dcb8f723

SHA1
93fdb2f40567c1718f7621653490f170fad4734e

SHA256
9d2d1b2e1d0144d6f9e236aacd36334e5bd978197b0701609a498c4b51d3b4de

SHA512
d0714912d463124e204fe417a0dcaf5aaa957924d8f03434619d9c09a5154325a1c28f0f67f27da0197e4bfe960ac6b27f6c4252789a3f8ff434f15d135b5d1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13342370564328439

Filesize
2KB

MD5
42ad46478519cdc9472e3b1c05c45230

SHA1
5c4e6293235f04ffe43812a5a6115895a6c9114d

SHA256
6ee23f98047bbc5f7bd53ad655a47a6db6dee31554a8791212a3a780525015f5

SHA512
a36f1d913d3ea87de2ab06dafbf9d5933d29cec1a2b03e3895754af892d9a9ba5e4a0e11cf145f2eda26258f87b81395b7fcefcc708cb15781523c5b03291063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
fb1468e9d033a2854eed4e12cdcf7629

SHA1
7cc3df0f28d581560fc91851bf781b16d5981c55

SHA256
cc53ff8e89f9d63815ef69942e27023450c849f22213e48d5fca752bc0cd9e73

SHA512
a1f3679fb1a5967bc669ea5395d5d66f99602f9d454b6b214c259db8937b2581e64e2fc7d853d418ed88790abf8134d595c3f1bd25a7447c1d6bcdd800373da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
bc668ed4902e2a5ea9707ddcfcf1816f

SHA1
ff9c0e35c3f503d997eb4a0375704d901cb23927

SHA256
e64f38ad3bb6485ed452d7627b645ecd685e5c08f34e8d200dc2fb7a1134c818

SHA512
0db2a764c2b94a336ec6437063f789aba4b32b12b357048d33a1f6ac5cab3d1c4e336f6a84c24a1bd36dd56563eeebc51dbce810c4d6a129747ea246dc4051e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
15a199175b9192107142fcf1983ba40d

SHA1
509f07cf1729c66576486a2e173889b70e619f3e

SHA256
8c899636a584ce68e6bb7ce3c33d869c37d8e6f1c622bdec84d4eb312d2abcda

SHA512
2ff1d737110427cdd7e184b4b685504ffb2b151554ab181b45a6f843e81190cfd9e9a4d247bd7298f200899ac8f7d863ddbf7ae1f4fe3d5523b0bc08d750a7bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
843B

MD5
17c9cf6bf7de0b5a0c410ae4ed875082

SHA1
bdea2d323094600b4d4e6e20d76208b12437c893

SHA256
17f6ce242f92f702fd107d21e7d50d65a9abbe3be0e90f0e6915b9eb61ff8dc1

SHA512
bb1d9b99e3f7652da614df891490ab793d4121c3845dee75ada85d5d1486c20810d9d11d36ea4feba2ff28d6d3188644cac1b478b1c43ba78d92248a2b818ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
fcc296f8670c3f0bc40686a6bc5d3ed5

SHA1
dc8c924df1fd6d3d7223cf5147f3bb607395e395

SHA256
f0309bb50f96f0c32fad014a6aa4c78ebbff840f4f4604f6c9cfa6cb483579de

SHA512
23159b59be3724d00beb55fa00624323acd7f75922b8f60f4683cee5ef1b2c63551c8df26309d7d462c694f83e0b45cb574abba2bab70cac85dcb034a81c8ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
23673a0cc177909411f34feba8f4e4ae

SHA1
4a0f4aa0526abcb074c4ad4ee09d5f8954aef524

SHA256
c77d1a6335f064e7c8ef616c5c7c39f56c5a22fdf5a340c5b3d372a13b9d599b

SHA512
3f951cd50c9502b5b8dd0320d18aa7b812910447b2cd46f3484081e8e50fa2f4217642788c61db1cc0d32956dd42853018cc03b8965ce93f64df75bb92eab59b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
3bf61ff269bb8b3b62bfcb5a6184dc41

SHA1
162bcbcacb8ff7a8fa7fab14c24aaa1210fd0c47

SHA256
d5f0969bd45ba16a7396173529ed2bffdcf740857f06942e3c62edb6d6d19651

SHA512
5df5fdd5f0f3f0c6ef9c74d940bb336f55be622e22f98822f4c29568d88565d0968b33027bcfd96494f75ca6f62b1e4ded5c2ed4d048dfae1f98d3dd8532f2e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
e5e8ddacd684fac5afa6e1864cfd55c9

SHA1
ec046389d50b4c968d63ea204ad0b5b375d71ca6

SHA256
3fc4e0a852d8ef0565e996f6e441e045e3afcd940da6c9e078d11cc7a42139d8

SHA512
0063e6d326bcf6e488a8d447f2e954db8f673486762aec5327895d699f09ad2047a361461f1b774ea4bbd2b9d84b93ebfc2a3571b9cce50a216ce149c9ec8dce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
5f6f12e776c4afd87c11a0984189fa47

SHA1
c045a625a3d8277425510410b69d712e24280412

SHA256
34c989454eeee22b25fe17cf0720c71b51977345f40e5545e5f54e2cc75dbbe1

SHA512
c9a03959e2b45f099c7bd19ea9b815e335ae0e425bd75721533c4ca322510ec4513dfc33818ff9b96d62ab42d2e446c8a58d15ec3d404bd385eec314a0f60a06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
9ff0bcc6f869ae7bb942e25471c34a77

SHA1
60a82192fe96f4e6bc1a7ef89079b1b171a7def4

SHA256
a1dec4fb4c9a2906fb9f6c5b5e73659b2ac4278bbbc60f72b0b46fd339a73bfd

SHA512
c0112b4417f1320db288d1b6caf7715ae87d3254821ca51f2c7f558c72f5347cd0d6f0b7230efb75f686d4364ba9533c28a76df930027e217b4070ea6f82750f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
d4b339f8b2641c9704ce2be8f9359b03

SHA1
d06d262929d65c89d5fed95384daa5e1ca5c4b50

SHA256
70708d602fd7eb5a6070b91563f9278dbac5fb28e42aaac3de4d5b64dd206f96

SHA512
dc05f0f9de8173ee6f24bff7ca83ad2a98cf07dd7d571056e4a8199d66c594f7386e1882b938eb43d3d6a75a64df82e214787bd0817c17141817d3e9094981b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
563d0e0d7d749d1528da204f8283caaf

SHA1
d785198bc1eb54fbaf004c0f1751c6cabbfe2762

SHA256
56775d752bc04430ca6adf73e68aac376faf4c664aa26330196e9568b76c5e79

SHA512
73d94119b24df2f07851dd8beb81b89a75562e13eedd20cf7d770018afb13b50ca6888e7c4f04f5c63d3d1f72cc1fdf0e7bb49d50c71efdd7cab5dd9ecc0759b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
b30bb180d9c955cf7fc941a1727f402e

SHA1
d4342e21884448ca4ab0f2fa7ebbc9acf293a978

SHA256
04cf9d313d4575f577ee13d8898e829a88942fce427f01cdad6f253e48b0d59c

SHA512
6d30ca0ee265fb44f70f06c1291a308df1957716efd35b7c8bb6df73a84ca1890d5c01cf919468567f6bf8334fc3bbd6004b35b2459df2d444aa41172e9b19ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585c34.TMP

Filesize
93KB

MD5
020a83e518ca0069b323cb31e8a3fe45

SHA1
53cb095a35addb886a21afe0485273b32330e95f

SHA256
1957e23cd71ffb388abc5894851c11f15e7ffaf2f31dcd79d2baa1d877e67ff1

SHA512
ba9ec5a0a940c8d55b79eda8e58dea1dc1efcbbd410c57b2708dd84ca3834d5877297c606b7cb14201a1ec1900fc94d972475f11dbccea905e3e960493811bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\HB11Q0WD\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF4DA84E58D187DD9.TMP

Filesize
16KB

MD5
dbf0b59a727e5ace5ba97b1f148654a3

SHA1
1862aaafd3cd1399e2f8b5cb89ade2428d728ee0

SHA256
422d9b92b8be734a9f9eeff96e690f53c94a011d42e2ee6ba2838fbe4bf8dec7

SHA512
2d2bcbbe0adbaa2dd6b0bed5fdf36c81d7a5bb1cc7dd50e2dc30941cce47c6234b12d92db63a1421cacccfa9e2d3a0b0401e601a02c02e1abe34cbd78d5d50a3

Download Submit
memory/816-141-0x0000020F1D7F0000-0x0000020F1D7F2000-memory.dmp

Filesize
8KB

Download
memory/816-16-0x0000020F1D900000-0x0000020F1D910000-memory.dmp

Filesize
64KB

Download
memory/816-174-0x0000020F1CE20000-0x0000020F1CE21000-memory.dmp

Filesize
4KB

Download
memory/816-173-0x0000020F1C2F0000-0x0000020F1C2F1000-memory.dmp

Filesize
4KB

Download
memory/816-0-0x0000020F1D020000-0x0000020F1D030000-memory.dmp

Filesize
64KB

Download
memory/816-153-0x0000020F1D1C0000-0x0000020F1D1C1000-memory.dmp

Filesize
4KB

Download
memory/816-35-0x0000020F1D1E0000-0x0000020F1D1E2000-memory.dmp

Filesize
8KB

Download
memory/816-145-0x0000020F1D3E0000-0x0000020F1D3E1000-memory.dmp

Filesize
4KB

Download
memory/3988-91-0x0000029DCF0C0000-0x0000029DCF0C2000-memory.dmp

Filesize
8KB

Download
memory/3988-107-0x0000029DCF150000-0x0000029DCF152000-memory.dmp

Filesize
8KB

Download
memory/3988-88-0x0000029DCEEA0000-0x0000029DCEEA2000-memory.dmp

Filesize
8KB

Download
memory/3988-93-0x0000029DCF0D0000-0x0000029DCF0D2000-memory.dmp

Filesize
8KB

Download
memory/3988-75-0x0000029DCF700000-0x0000029DCF720000-memory.dmp

Filesize
128KB

Download
memory/3988-96-0x0000029DCF0F0000-0x0000029DCF0F2000-memory.dmp

Filesize
8KB

Download
memory/3988-117-0x0000029DCF270000-0x0000029DCF272000-memory.dmp

Filesize
8KB

Download
memory/3988-101-0x0000029DCF130000-0x0000029DCF132000-memory.dmp

Filesize
8KB

Download
memory/3988-114-0x0000029DCF190000-0x0000029DCF192000-memory.dmp

Filesize
8KB

Download
memory/3988-111-0x0000029DCF170000-0x0000029DCF172000-memory.dmp

Filesize
8KB

Download