3377a75081373524925e985cfdd0735e7e13567ae46e2b55b4f1eb94f3532975

Analysis

max time kernel
536s
max time network
550s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
11/05/2024, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Alternative Dash.exe
Size

8.5MB
MD5

bd1e6a8af79dec28eca7bce6bb311eb4
SHA1

29721cbc12ebd6df3faf91de2884661bb66ea425
SHA256

3377a75081373524925e985cfdd0735e7e13567ae46e2b55b4f1eb94f3532975
SHA512

031d5795640e2ffe41cee826136ed638fa2cae96b27cb4563ba72dcdefeab314bcec9f0144babe03259b41d81f6c8f261f7a4072c9830f298795ae7b8898a2b3
SSDEEP

98304:gV+mMdl51ycMEUGNmOw/abBRtIQ1Pdhb4JmULWpcoCZvsj6r2t9+ESeT0mdmC4DB:gsmMrBMEjUOPeM0ULfL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598743530799501"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1230210488-3096403634-4129516247-1000\{82C18048-BA91-4CD0-B81D-B6CFB9FC1158}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
3324	msedge.exe
3324	msedge.exe
4308	msedge.exe
4308	msedge.exe
2716	msedge.exe
2716	msedge.exe
1560	msedge.exe
1560	msedge.exe
3184	identity_helper.exe
3184	identity_helper.exe
4584	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2104	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 444	5084	chrome.exe	94
PID 5084 wrote to memory of 444	5084	chrome.exe	94
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 2720	5084	chrome.exe	95
PID 5084 wrote to memory of 1036	5084	chrome.exe	96
PID 5084 wrote to memory of 1036	5084	chrome.exe	96
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97
PID 5084 wrote to memory of 2404	5084	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\Alternative Dash.exe
"C:\Users\Admin\AppData\Local\Temp\Alternative Dash.exe"
1⤵
PID:1564

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd2ba0ab58,0x7ffd2ba0ab68,0x7ffd2ba0ab78
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:2
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4196 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4960 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4436 --field-trial-handle=1804,i,11398698930531579872,4375643703878377640,131072 /prefetch:1
  2⤵
  PID:3100

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd38ca3cb8,0x7ffd38ca3cc8,0x7ffd38ca3cd8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,13613464661183063197,7876689138923434680,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
2448ead53db66c9b46c708e8dd203156

SHA1
b5045d2ccc2ef505d6fcf57d67bc3003989754d7

SHA256
795c533bfcebf7d82f01de89877893412ad6011bf701ae036a9ff28afe57b365

SHA512
2728dabe7aa240c92ed7e8482baf1e65b9bd5cebf4f0c0773953b5faf771ec9eb42102a1575b841b60114a889097e894642202d77a0baa7b1a05e82321f5c02a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f648d264297a722619690f4e0b816986

SHA1
c07b578768992dff9a8b7db48d6fe0cb448d9b48

SHA256
89852be43cbbd4181a05f05257533f51ecb64fe3ea274816bb2db1e265255b6c

SHA512
f03df1418f5e523f8f6fdf03458f78918f4c01b99d17c1a868664c0ca9b5fd43deb18d3d7637dfb59d97d281707643179b42e6085e600daea05885574c9cb031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
74d4c1bf0fbb8a042496bce2077ad86c

SHA1
d6d54e6ecf922b2aa7752c8ea3ad74656e2b3d07

SHA256
fe263c40a029f33463b527abce6a6b6065617fe5391fac89cef1e23f7056e19c

SHA512
4b2de7071a07da24874c12a4fb9635e6ff95517d2e24dbe2c97b6667d2fbeacbdbdbb6968b98910219e1be9afcd3e1b133a6da5bf574daf54982be1a78001a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
487aca7cfac3c5299f10700f40115328

SHA1
86fd6cb217f84a0bc9218cf47aca53292a969ca5

SHA256
8ae4c35fdf07b7dcfe6d36024e0c378ac0bcd106862d9cbcaadb958014a4fc71

SHA512
ea7ccbeab35a205f4425512af40b2a6942b800259f195713b9e41b60827a8533931ab7ab1936c37ef712a26edc1ff5057c77d057cc30c1bd92f7f1111b9d0113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
a44a34d212ac53e8fac814e1b57417d4

SHA1
1f3312a0ef834c5932d5816e67c173b5570d19ce

SHA256
8192b8d2b7ffe074d12457e69aedbd7fec84633a7bc9ac354c170f72921ac62f

SHA512
e841049780b590bf777834633885dc1a85eeaaea48b6bee09aca86349e85229a5c4743a73cf2819cda1f66392641c3038950e068debd470d2b9ad3f8459b9ff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
eab90c1c1e4f041affd0a899fe799d24

SHA1
98a3caecaa0945ee96bf361aaa279016ce02613b

SHA256
109e14425cc790cec002c2a347c0d2fcdcfa6561fb77040dee4ef25a2961d8d0

SHA512
12a847ca81ba2f720ace51ca7fb240848af2f6e39657c63ae22a6b7d45ab74ecd00747c58fec7776a9a3d33352dc039325de302ce32f6b2e9a1d7870c873683e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6e3baa258f1ced02418b27fb7943c119

SHA1
4a2e6d5175f88ab22dca3914ddbef2a54c58d2ed

SHA256
754d13c8089965c2c8edf431984a1163738194aadaf2067c8b0d20aabdcf7988

SHA512
21da501c9e88f44db37aa004102fd1f4c56448eeb87b87e06e6c06fe02ebf94f1478effa340a1787f8c9c4076c6df386c11d91c3e34e7438b77e81e66c438408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1093b10489e31c4f32b57f7e7409ecdb

SHA1
9d6856bd7195a8d926db53e03b5ebf03efb63f4b

SHA256
7f1e6a18d4512ed12797e944b5299ca25a85b203cc0505340276dd67fcc45951

SHA512
d5dad86d7792190063c22a44fa0f9abd637ea21d4052fa51309a9dcddcfe559adf25873c64f1507fdd964d14dc559d87fc884b99caf170bf365cc6098bd67d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
29fb5a391405cc85979d873d5b334f86

SHA1
1b863756fe1d25977523db3b8c7226d70ffe7bc3

SHA256
55ceb671b6ed828fcdd2552784c912b739fd3a7a4ad86f515982bdcae3ad6c9e

SHA512
b5fc15a8bdaa6dc02e761fa2661f7bc9b0f9eccbb9949c57d56163839448a7371d52767fe3439c1c1f5f75fe68c0425727f47648c1682e39de4eface61e29d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f3cfad2a0f69a0930f6fc0600d4b16d7

SHA1
620be3341fa8bc674baf211d6a66717161d152ad

SHA256
ef93408bc001a40784dc51d840c41c7619995ddfff898ce7ef3d40f589feb26e

SHA512
d047fa6823f7147aea04f462ebdfbfa9242cbef3c620c9c176a483ec4b12ba53c44221557530a753673f06e7b22243858acb6ae139ed7b6421b2503f38ab69be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8af5b82f3130db0888ae863f84bd768a

SHA1
3a7d73f1b6ee2efcee170b87c90e7e6ff01a5630

SHA256
00c74a87822adf51975d6b513af14486a1bc382476c909a22407eed98bed00d7

SHA512
667bd4ce01473637cb28e1a12a3d67cf502a8f6b8eb0f7012d33cc03deadefdbcadd21d9db1c712abf4ed6546f16419b571ce0a7510c5bbb6661ff9f9c8b506d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
857f873358fa700a410c765aed388347

SHA1
b8e29c5555c60363c525faacc79461367433bb8f

SHA256
1cb30fcee067ddbd01fa965852843f19b674ba43af830741819c43c6273d6908

SHA512
583ae5218bfae46ff5945e517a4d098c937a8c1f329a411cfb2fc1559422eb2833e5672566270fe6aed732753e9c410253a9ee723705f21efd8f339e79459b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
5def7af5f23ab669b939124536572ff1

SHA1
81d9dc5ebad82c2177270d20637d21839a0eb8c4

SHA256
a3c34783fd573bf970cbbca5c1f72b06c910f4847cda4a0bdc363ef82abd2198

SHA512
044b17392e050ce5e9cbd5af76edb3bcddba94d37ce5bb5685191550c3b8ee8e63323343ff3a82236757ed349dd70be5553e36036e8efda7568f6c7d2ae56717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
6bdecdfb7a55700330e937ae3aafeeae

SHA1
66cf98bbe883b93336dc20b35aa0587367c76f60

SHA256
0349515bb1fa39df54c29184bf902454cf18314b3ee45070a7dc648f90637ead

SHA512
bba13b8da975e3f33493c35d036d61c80ef371d1e995948d6ea8d316a7bb2b1ca38a2691c8789a5e432f483aaf750bc1f722e999142a508f8d86b61b8d12f480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ec798491a1862b0300c1d25bd5c0c6e6

SHA1
97eccbd28da6a32e630dfce24945d90f23f53acf

SHA256
29bbe52bc982ebd89766214e51e26f9e8b544f680f42df07fc845fab5947567e

SHA512
a0d915ef1eb24fb23098acca96225c587855ca83f2e0f45f78753ddaf960e1537ac34d7b7f64617d9a12991333f86f29cdc805ab65d1bd250eb4c84bbc381199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ffa07b9a59daf025c30d00d26391d66f

SHA1
382cb374cf0dda03fa67bd55288eeb588b9353da

SHA256
7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb

SHA512
25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e1dd984856ef51f4512d3bf2c7aef54

SHA1
81cb28f2153ec7ae0cbf79c04c1a445efedd125f

SHA256
34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7

SHA512
d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d58d981beecdb6b70ced5f40b712d53a

SHA1
6d8a7a7f3554902d0cd8b8963bbfe056511e87f5

SHA256
28efd4804890c0631ccfae27fec7b6955710e4abcf2b3ee94be4597717dc502d

SHA512
149e3e661dbccf2712680bf6f68fa98ab8753851617bae4e36c3fbbf054dfad35c9b861db517dc7d64bab8f5e8a6a472fac2b83ba9494fde1ece9fdc4c7bda3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
067a7b4772227d270a1dc3387e209e5e

SHA1
b6b606bff2b6cefb9c6ba551b295832bd31dea17

SHA256
391d6b2c4851c83822b2db875a50d015741cb735d7bca8e369b5003f6cecd4c0

SHA512
502edecb3af474ece4f890c4b0466ebd8edfd574105142a45205d479f0f4bfc878d71bb20e09c358044f576507d3eca56003cb7b84255435d76b573d3d8b743b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
de2469dfd26a1c9031cd096dd2b113ad

SHA1
aab8feebf7a249493a516497fd551547b864fc35

SHA256
e968c7d3a9ba62a6e6d7d0d6931ab5109b71287b5cc7806ac4392926887c4e55

SHA512
6be91059802fe7aa0f20a4056389b62676d2f4c9a07cc031e390b6e0941e567a66a769072ba44599664f3e73eb784adc9df598de6d0948f9b577af2d417cdf1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8925bc20f19b0c4bc50ad7a79083ed77

SHA1
2e2f52af8ff58c9a5a96ef2cb5a1a6e6f31bd9ff

SHA256
0aaca871235393ee00668c0c54d7ff9ea2e1bfaf53ee6c44bf9591755be5829c

SHA512
f5b4db9b0c146b84dd10b5fe64bde41c3c4e21bb542bfffc1a21c28e2518223d46b3f3e10aa4d7accddd921393e3983cb6b5a965fc35797f0c1d52b166a786d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c720eabd0ee13ec38f9d7d1d725dc7fd

SHA1
65dff818151c2ddf2f9f9f323956f161371ffc4d

SHA256
691ee0937a869c90530429f09d2774bb7e39eff40a4545d5961dcc691dbafe3f

SHA512
384f1d7b518b42dbb93d14ef8bc51626970915c35861047d25baa4fe5176cccad421ed52ab99c64887eedf8ef971c7f7d1f3a1b458de0f5ce4f1068f3e510757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a924adbdabc9a0fa0b5afdf9bcd4ef9

SHA1
5b488c9deb4f09e0c060759640a6e489e50199ee

SHA256
04f76f5598cbd5f6c2f60ae29d170c0defeda3b13b7d509bc03e52a76d98292b

SHA512
6d9041264459b5736a9449372eaa8dc07079ed443e7f4d39ae0c4c726c0fa0c7b9067868b1aa77bb095b812b4351f25f2b8b5e538f467f7379533e6e28e56396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c92288778a042ecbd00d12b23b23cc09

SHA1
ad1c889a1758cc7547e9318f6c0d9c59e4cb982c

SHA256
4ca199a5f1b1101457ca25f8b9b94ba15e044f54baacd80784c5897435aa1b7a

SHA512
bcc2270d8340b852f9ff0f18428c0ce7e30b0328153d0af6cde3767dd78b6b65dcf2893c785e010e7f72fa5a93e6c92eb2fcdb828a52331a440e88dad65052e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d38703b0113774c2d254e38db0b2ddd8

SHA1
e2d2fd3edc4ae8b37eb3e8438bf1bdc6e9fb82c6

SHA256
15cac9e0ae79be0f4f89568f60427ad71332579a33a808d3c5933cfd4465e042

SHA512
cbcf7eec9c5d7b2cdcc23210315b09dfc40664a6d47cc91981d66002eeafd3038933a11d1ea0bb32a2769e00f94ffecd2eeebfe08d05c42e741b18f5e3566d53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ff30c947249cbe5de7ee155862d96e08

SHA1
0bef2c78d1fd598024383382537e904fd9be5311

SHA256
19a0b5a68a07c197f259dea895cc7164b678b460a893cfec8a9e733d383f567d

SHA512
d077129b7371a2be2873f272cf59408a016c39bd36b760c09abcdc4608cf23cfd40bbd899a1f1b16b1704424c2ba03bcde0ee3e2fc0dc8618b2790f7b583777e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ae5fd4f7340d9fa2f0cfa0f27191d54

SHA1
7f3e80314dd45a1c0faeddcbdb081d8a8d9ed10d

SHA256
058d74fbc05a7dc0894a8b8e5c8763178e883af66cbc8bfee0f3f0b81cebac8e

SHA512
ce90fb8d49daff7d6437743aa4f5eb7ac0c304b30c8fff28e9158b4276bb55142e57cf8b7091adbfefa77fa0222dce382a118d30331f5903b6e3bf1123347ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7089f56b174ed01eb9b8eac1662a7bf6

SHA1
923c07d30cdacd50be706d923cfb702e40b488a1

SHA256
568a8e819e7225584436ec9ad10d362afb77127c0d32933417fb2e933d2f3897

SHA512
e9b561dc93564607d11b8b8e19cf2756eba69161251003604638a8cbd4d5426b1040e98484b435851bdb0776c917e20c3194ad523a561e8518608b4eaad7f4b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
161f98136d4c33bd9de3159296abda42

SHA1
3aae31898523936c509f34cd4aae9338a708c778

SHA256
e6874aefb9ceb1807aaea2ba350f89c57a1f61d83aa9e2bcaafd1c7e4e1375de

SHA512
4470559e1115e05c1d1b4d8462ca115f7675e565e4b384e416353a3f48e9124b9834f75ae5a1b5ac03c195376d881734e4c13318f35b05bc091927a34cc66205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ed2b3072c32f23280a5ebf32d3d29d81

SHA1
117e03bdff8e5638be3d03e078688d33febe379f

SHA256
14650cb1fef9e351f82de30912d4136af8cd8dc66dcd00b12efda5e650d17064

SHA512
dfcf8aafb1335b084cc781c08768d4c65b41f3cecaf316f691b000e5734103526f1d8506dc8a0754bd87c8dbac47367b37386c34b057b0e50a373c751a4ad020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4f310242ed7b3321dfc873231ccf9b0f

SHA1
8f40aae334e2a8834c558c90f2095a559369b729

SHA256
4475fb8a7111da9ffe5506f968161a28d4d4947251ebce7133766f24f81608f3

SHA512
8d82283ee3f8eb3ce5b46d41d4216d6a7c1144d71e11f5da3187350252bd92adabbcea583115794cda547ba441229e5589a38f993e14acb574ed2e99268b6f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d3fe87b4f9f921e2f7c3918718b1db36

SHA1
1e76112b50a1f7cccc2ddebb1f8df51370a09fb8

SHA256
ebfb6a22e795b48f19dc162f66b74d18515f3434e7144635c6e178de932dc80e

SHA512
e6403cf05e6aab029bed092273ceebb151e0b4c5179832896322e35def81a96d6ac3215947558b880188c1fd663843583518f28452f005d0f538ed7122d2ea9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d792a.TMP

Filesize
538B

MD5
61b6c48f55e8e39feaad494831ed6517

SHA1
04722bb07e21ced8691a2b0f7f4b610b576214e8

SHA256
41e9764e8d797de24b047ae3b9eebe1fdd136c4db0ccad8813805988d2ae0625

SHA512
303e1f70ef8b39978736dd2fbdac1e00180826a9292cee91bfa2ea1c3f8aa4ba6f101e291d1f8ee14d3b870c27b2efaba8fe3d0467b2b0c552631bf6a3d48a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a58f0f018d288d4693fbafedcabb05fd

SHA1
f5ca060beb3ed092f1edb9dbe1915e803c6beded

SHA256
dd94e9d4907fa1b61b18cf747b2541bbe5687cad0f7090e8ede31c104c302bdd

SHA512
9c8dd23bc8c5d51a9d05695f2e11fc6a67a8687ff5a4ebd0bf42fcad86650e2d75f18dccde745ed2e48ea13e3e21947891c375b2a976e981ebdca9b1b3b3091c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1ad23c7a2295b84b24497236bbc769ff

SHA1
e08418f9d2458a5aa400019377dbc6b8c30a5adb

SHA256
ff8dac942428466508015eb48b309196600c44fe605b97ce05d50908ebf4ae19

SHA512
f357d2dbb913112cfc9879c5c9b5962391919cfc55e9df24d7abc9287d35c114f8eb5ebfa2eced543291d679e802e20ff3497f7592ab3b77696f1c653905377a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bb3919e9867ca797fb305974d0d855a8

SHA1
08f80f23eb467f26fc9c74d831443d9870198708

SHA256
4282e0d2b07eab2b593385f26c30abdc1562259d84307855e8a5d4d285bad436

SHA512
dbc0d493636178752b93b677d68721a33efb7b72468eb74283a4713d2a94a2a6231c8061d22a13676d4c95960b2bfd7d68262527d80afc0c2da72bb9a2c08b76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit