hxxp://ff | Triage

Analysis

max time kernel
141s
max time network
142s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
19/06/2024, 15:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://ff

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632842172859162"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4208	msedge.exe
4208	msedge.exe
5088	msedge.exe
5088	msedge.exe
2128	msedge.exe
2128	msedge.exe
1688	identity_helper.exe
1688	identity_helper.exe
4140	chrome.exe
4140	chrome.exe
4192	chrome.exe
4192	chrome.exe
2584	msedge.exe
2584	msedge.exe
2688	msedge.exe
2688	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
4192	chrome.exe
4192	chrome.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
4192	chrome.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3044	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 4680	5088	msedge.exe	76
PID 5088 wrote to memory of 4680	5088	msedge.exe	76
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 3552	5088	msedge.exe	77
PID 5088 wrote to memory of 4208	5088	msedge.exe	78
PID 5088 wrote to memory of 4208	5088	msedge.exe	78
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79
PID 5088 wrote to memory of 2072	5088	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ff
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffddd2f3cb8,0x7ffddd2f3cc8,0x7ffddd2f3cd8
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,17965295044444041395,72116923083794716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddce4cc40,0x7ffddce4cc4c,0x7ffddce4cc58
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:4720
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x244,0x248,0x24c,0x20c,0x250,0x7ff75ba34698,0x7ff75ba346a4,0x7ff75ba346b0
    3⤵
    - Drops file in Windows directory
    PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4704,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4480,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5000,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4364,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3296,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5064,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=212,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3308,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3512,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4440,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5036,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5052,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3524,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4336,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4652,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5196,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3440,i,6451628858196846797,12301259489789750284,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:1164

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3736

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3484

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddce4cc40,0x7ffddce4cc4c,0x7ffddce4cc58
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,16241521777381712905,3278179706575210449,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,16241521777381712905,3278179706575210449,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,16241521777381712905,3278179706575210449,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,16241521777381712905,3278179706575210449,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,16241521777381712905,3278179706575210449,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3068,i,16241521777381712905,3278179706575210449,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,16241521777381712905,3278179706575210449,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4616,i,16241521777381712905,3278179706575210449,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4440,i,16241521777381712905,3278179706575210449,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3392,i,16241521777381712905,3278179706575210449,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3092

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffddd2f3cb8,0x7ffddd2f3cc8,0x7ffddd2f3cd8
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,10156005033515619348,5874803249837977449,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,10156005033515619348,5874803249837977449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,10156005033515619348,5874803249837977449,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10156005033515619348,5874803249837977449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10156005033515619348,5874803249837977449,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10156005033515619348,5874803249837977449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10156005033515619348,5874803249837977449,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10156005033515619348,5874803249837977449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10156005033515619348,5874803249837977449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10156005033515619348,5874803249837977449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1992,10156005033515619348,5874803249837977449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fd76fd6585745866f5d383be5b2c2e9c

SHA1
1a81df7dd2ab5dda348e0801c0e08357093b1968

SHA256
0f0288b5970693996fbd51ca2e13d43c83459755f1fa73b603418f9ed6678a74

SHA512
ca44a4de3dfbf1ef063591ec5641b547fb1bd71b6061bc8d0d15ce7bd70404f47deedc80ae3ac137e0cce3c76ba3ec386be77717f483f8238d27f18b342609c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4ef8b2d7-d68c-453e-98a3-9c12af3e089b.tmp

Filesize
9KB

MD5
bff31938e293bfd660bc69e479f73919

SHA1
68ebe9c92330689c28d31272fd9d2adec2581bf2

SHA256
864375aeb9fff1103c892b4220fe671e7eb6da7b9484605205a964aef079daa9

SHA512
4a67ee861b1b0b5cbfcd80abd0cdadcf79e9e574f30852c80933f49cbdeef2d17438f509c746522514dd3fc81b4c169a8bbb75d2de85987f990e8d857810a7d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\69432c0f-ede3-4398-a8fa-00dcf909475d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e1943b9b65cd238762d7e858baa2365d

SHA1
034e812d2f6c953452fb9ae9d4c030d67704ded6

SHA256
66c7c0ad24ccc9ee90d12f280c359bb02bd87f481b52eb9eeb43201e4b2f7f05

SHA512
8e90567d545d4a781d1aa14a64a94e27de2c19f7ce08033f3293387f2f4a640f9b62763de8127cb1ffe53d15d7e30fab7d27cb94f564347f752a47120d02bf8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
53d56af0bfc434c59825cae90fe001c7

SHA1
55a76528bc06ed58946d5e5df7f4ee7d685c5ff7

SHA256
d2054710e305df157d828446b00d7cdecf3c2ab398b2126bc1e5be5ea9a46fa7

SHA512
549ba95a076311d1df3bd7debe9e1d965dfda9ccb31cf948341b7cff1a74d9940b08f76db1491d5b930dd4484ba76509fa5aebbffbdf9376665050c7435f4199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
469a6fa95032d58ecca786b3f801bd7c

SHA1
d6e4bc45a23a7a0ab4c79c0fd0875b3e1f136aff

SHA256
f6536ef6c92708353f957c470404d405bd4ee42e8db725675378b310bf37649b

SHA512
b840a03572e8c7d6ea324d24711344385baa5007213e7428d40eb57261a1cfa46d9747d6c0d4683bf93a00fe9d4aee00d341fafdd449811b087ec656d29f660c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
4c06a663a50b3cbe9381e004adb7deef

SHA1
3b7cdf590cbda12734c97998768aaa7bf3992476

SHA256
dbd327cd4d9eaef2b2e4c3bd2faddb9f94846d0e2c9360862faa5c309d41316d

SHA512
03e0b64575d54bdc93817970cfc282becbd393bbbfed0c0fa8a2fd4c4558c201606b17ed9c9b5b540265b484b1fa56ea20a9819a33b41bda2ab7e4723ae92233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
645bc1ab95b9930504639086cd363819

SHA1
f6173d21adbd6d454701ab20cfe4bcf1cb709deb

SHA256
c8ef1bb89e815ca2daf404732fb662eeedd88c25f0d48ca006cfb48577bd2c8a

SHA512
b8b2dc2830178e7a24e2897633c1f8ac2b50686fba1cd4b08ba6d05c838c9145ed0d624c7003764cb0bc8ce7e3b9dac7b286b2564e0f6ec999f569f0ddc493c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
dfa453e39469a4ef731016b900f002d6

SHA1
a26466d936ce4fbb4b1ccb8402a9251427138252

SHA256
9dabaf9e9a078a7e2c21047c6b184c292ad4ec338c3ee8dce5c361fac55901cc

SHA512
7a74942fad92f70fbaab3cdc3be822410bad493a0aa0831a9699aaa0f0f48eefc6f9d3669ddf9fad0329dcdcff58f14d76b180195a384df01ad0f5195693e02a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
61b6a90e261033778c0d76c4fba8d2b8

SHA1
667b267b905142f1ac5c48d34243972576146377

SHA256
c7512922cedefb068c715e193218759a3aba0a938ecd792205a050c0f9f2cdeb

SHA512
bf038dcd958975dd93dcb6f905f39417c168bee8fd442e2d1b0c5c6859063f65bb7e50b2caaaf2cdfa0840ab2f5d11c9304bd1a6d2d7c5df4a5b288608fb30d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
76366b84b158fee0e819f4fdb899f899

SHA1
d11dfd0abeac3ab82bb1c670032e05293ee55ddb

SHA256
ae8f8f7a553cb0a55228e9b2fb0d187b9072ceefde57fdddf8a4991e0a7e5a3b

SHA512
cf88127f4173c15e95a2e7b9ad4a47dbf015f4052b2b58c21558382626a24a2a073e7e3fc92609787ba8ab56b2677e2a120790d5a6ca4c1578528e99ef814041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
fea667673a8cd0eb4df599a256069670

SHA1
918e2dec2133011724579a7c99301cb43cdc2d7a

SHA256
ed1c1c0c3639e9fcebfa74665a28dbcb71ede8d8797d5a56139a154504b7626a

SHA512
52417aaf9a889a5b5fbc2713fabe00d91a588164e26112fb68492df5a362411c7e032205ceca2771d706249199a388aba0b8fc2b6773f7afd592064f9d2b9836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
1c41a0e6665131fe95a98c311e3449ed

SHA1
745cdab25682629c07625a1794986c09ab8ac570

SHA256
56d9550b794d3b94afdb2517b3f5329a5a248f98af358f53e10a37125519941d

SHA512
46325aba970ce8f032a4d0eed1c17d99da67e205289e0b9cc206eb773f88331c53b969ea7ac50e95b53a901b3ec8d678f35f6cc998e1bf93dc7679f88d3cca27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e67986736b16e8c37d4e8738fe835573

SHA1
25ea8b7e707e564be29d858086585455b8e7a098

SHA256
81bbc3e118896b3fe7d1ec37b5fee68804f84d868b1c34e1f0adb6c3582a70e0

SHA512
7b06df16126ef0ca5ad9912976a5b862ccb32bfc10900a98d2ef386d6caa52cfebe77c27ab4404809345194bb7dfa0f50de1aa6a3c0811302eb28477538f28f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b0a9e95137e32e059a164e7ef65858d8

SHA1
82e1e7081227c725018926becd793c2be14cd55c

SHA256
8d91d7217db9e3ab372f393a074130480bc105bef80736b55a72d23d2cc7a001

SHA512
afa49e212fad04096762dda212c268d5eaab6e8e618cfdfa037b0c56c1611d83c0b473b790029d721bab101834160d60f73ae31822daa53ec2916ad83e027d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b43af164c9a783a0c2b5652361531982

SHA1
1e71795ae72d65ba93141aca5c92ea60bd927d80

SHA256
6cb98a5eff9233d891c6b4ad738b35281692e2d90e04d41af6df680fa56f8eb7

SHA512
b114e876c0c37bce9e425a7e365b0693ed8b7b5b80b97de865a694c5fc1e7500f9b3ff249652951c0ede24e015871e7e0bfff6ec50abef03bb3c5e7e5f27fb20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
efe7da0f934d4036a2687a84501b57e8

SHA1
86eabdf99028daea697d9a7431d7043e0328731d

SHA256
c56285e7ec3487d19586fa4d193d39897e50d8cc5e339f8ee5040d324a5897b2

SHA512
79baf029c4478e6c92dd83288fd45cf0c52bc2f7bad8fb45966bc51c84adb5301fbfb1e385f346eccac94458882914765b9be14485f3db98e1281d0712969881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72ca8c5e4dc14fae0d692632b1bedcd0

SHA1
d96199851511ec106627382d4eb7a0d579d0da97

SHA256
451bf82566dd403ff60aa9d5f6e8b3acdae06f7ff2bda228783482dc678ea9eb

SHA512
ed8867a9ea5b2760152639b4a7382d075631204e0442c786449a88aafacb7ff62a2669b01517acedf3a4bfa2fad57d92c8325999fc983dbbe97098ded1b53059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df6be0c10bb6516262e1a52244a8b1bb

SHA1
b6ad65048a86522f2fad630f538cd2624a15f7cb

SHA256
8925ca4cb345da4231ded92970956e1ddb19dcbb8f1010878b8af5eb0b1378fb

SHA512
cbe8ced8e6a7120658df2acb9bbc08082976fe8bccdedd2974d4e309e77ac7774dcaebe4dbb57f3d29404536d4cd787c49eab1e18dc397bda6d182fa88432039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c8a0d83d5a6dce9e8ef0daf3bfdf2193

SHA1
f05f0c6ff31a5ae77a97d70e99a040a78b97a593

SHA256
3e28364468340a4d19392c1923ca3bd062ffc0079a40c1d8b85df610729d2090

SHA512
eee98b59320ba95031d0ac7117219db4facc039113173ac27eb1f2fd856b80f5f48179b7b34adf213b4a47c5ef73cefb8ca58a91562f1a8840a0a7922e942eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e422157f90521efc738192ec9cbcceba

SHA1
2c68e6d5bdfebdc1e87ae40a003d8e126bf56bc0

SHA256
ba95758da8adcc95a95f33e4f86e6afaaab17fef5051dfdcd6709efabbe9f848

SHA512
ce627346ad1ee664f47036713d782ae1f0635a1e81b8986a6603c4e7fdd41ae7a23ea7ba3ddcdea64787eb05f5c57311811dbb1ab804046beb9f0cd34d5b3d8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a87c09923a1729a9a13f3dd79693e6d9

SHA1
82a69a55055bed233812e1de81768a62c0b9675e

SHA256
cccb958905dbe70eb6a1f9332de5a4cfc7873516cb5bf6e0acc621352dbd26b9

SHA512
6cc4a4e5f43c071e25d66ea92ddaa73c449d34b64f1831912b209a0ca354f3e4b4094f6bc16254829f49d8d41f1576c964dc06e86ce802a1edc56999015d251a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed7deeb9bec40c5e9e6e28d718ecf893

SHA1
70c0a0ec51bbb01684068ec9ec2f2a0d493c0b41

SHA256
db3f79e4ed2428f6962dc76f3b540aca0e06c0ffaf28f653403055027d3211b9

SHA512
bda246eae027db6110ad5ebf1b0dfb040b37fae795eac2bd742bdc6472627efd54c694e25c9ab86f6ee48f9faddbbd196ace8eb1399e5af4c878457e4fb474d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2a8dec0d495e740993e0f672f8fffce

SHA1
9885800dc85e88655f369f4f5d4bbf5f6e7b2c37

SHA256
90b498fc8c5a13b5f0b393c665988df31a588c290f9a4e5ba1f2cc2f80a53fe5

SHA512
350b3d46931cc1ecf8ff70c9978d2bbe2d20abaadeea176bc9740d54897c8e93bb0cd5b57872b2ad9c2d0d32606bba9d67b21216495a311dae201eaf91d370de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
2403149ac7ba44393f079589be4d7259

SHA1
720eb8fb672f346ababa6dec8251ab8f54134dcc

SHA256
4f2bb77f99215986c662291ad71633c250457c5156cf64a1e9b38de64cf7e5e2

SHA512
14530685f45d0c1abc36c88c8a46001e696ba306e976ac8633ce8967fe6f0dfb25a7cc2f3b5e122b2fc62d8cadb7ccce4c0e19fb20c509468310ad79d4de02ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13363284242720421

Filesize
8KB

MD5
86032a33c39bfb96557ebaea25cb7793

SHA1
a1c45afcea05fbb1bb69d7021ef41110ddd41586

SHA256
77acfbf1e59e138e13804dc3d100d33fc6ea2234ec42a6f16e2563566ede537b

SHA512
e88e0a8bb1f8d86611f831ffbfb3e6f32431f84ba3cf0bb29e150a031b4a70da4bbade45f689046f9b2583f03c59b983812e70fb620ff26c3db2420367b6bde2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
256B

MD5
c38e6b77f8781d1426cdb83c5be4e9fe

SHA1
e6deffab365a7ac0214c15bb35fa1e2bf07d33c9

SHA256
0f0e9e6fccac3f086bef1014420773d3559070c9b691df72ef0b2884c35fe6b1

SHA512
f53b69618a9cef2b15d00461cab22d1aad40d9663943320f80ce7b67bf4d8edc8bdae07b6ebc55e41d55adff93317bcfb5fccdcaae88bef7503af6e166bb5628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
2ceb6ca9707906b48832b73c2d180a55

SHA1
8c97245ed4d13d56b4a9f5d72e8d7688b9c12363

SHA256
e8116a3c06ed82f568ef52337d2a2c7bc77af8696660e6c65313ff17241dfa1f

SHA512
d53f1117b4dda5c3e1d1ad80ee38cf09f7dfc5b60ce660b14dcef25cd454ce2fa800c97f6d5292b4355e6b2450e144b3d3bdd49bebb7784fb3d643490c1ea19d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
318B

MD5
0283adbdc7dd7b668ed3882956065107

SHA1
5c98acdfba07d67d0ff695c3037b857b10748d5a

SHA256
aa9a445e647c4d7412cacd266b335e59f67e1654f82d37f5fe74aa0b52498ecb

SHA512
196b75704084fff0ace7125f9ae306d2fde4dcb86113ccb19ae5069305f926d6306a37ace78bed74657421e7a1c810e307fbadc0913d2241f665e14884a49379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
931975cdf58f95ca2698c84e9c7545eb

SHA1
7383db2efe99ce8b42b49916509bcd72eac526e3

SHA256
48212410923b08dda2f51bf70e2ed90ef72cdb3ed8923a2d93a628ea9a266de4

SHA512
32ec56223b50c789345d4709ba75b778d4a7c5f93dcf6fb709097e4d8b42081a525507bf58f456bfd7c0ccada4ae6ccbaff6aa5bf74f89ae2b2dfec8754c2b10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
aaa1d3398c11429309df446cc70a4b24

SHA1
426037d880450cfe67c0db4e8836d8cf67c3af33

SHA256
d3c5bb416732a0643cb435ce980e4cf7ed0d96375d6d1d866565ffa4cf5f4e31

SHA512
5400a74ad59ee80e11b97e884bedee53af567520b807e4c3c43b68446bb495a967e22838aeee4bfbf02486ec5abfb2e821c5165ab2b894a54e0d7eb70c7355a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
a70e7cfa940eeb63483bd8ac9530de44

SHA1
82e5838bdc6b6c8a8448796540a5af826bb2f85a

SHA256
34086396938d1c123e35db4372567cc4afa2c8983c9f18de5a0746398ab57b78

SHA512
6b49832409aba8970496990784316210f9ab5c8acb6945425299f1b4261c3352acae08bb6c136b70fd3c237a9776d94ae7585714f57fddc1e33bee9a69409dc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
6f4e01a7c36223ac438dce2e1895c980

SHA1
742e16d47424b96ac821ef315994dd8cf26474c5

SHA256
942f7c20ea5aa672bdce81ada9466dc2f00c0901e9dbb5ce405ffc3faa3944a0

SHA512
45eb6161e64eb19842c5efd3f2c0f0514b5a2f28d1f4c6e35e056a27fe9f987c6cc81bb011a568ad7beba93f924aee5fd72b7f0237f9ebd4b3b6a9bf18a95293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
d88a4292f55d848363e776336d4c1133

SHA1
eaf0dfdf91f4f94f6887c258851d80d0bc853172

SHA256
6ba8e14adf7d087e02228fbe8f22eb6e7cf7a982b890607d02b4b64abe22edf1

SHA512
598dd928f125f5a9b24e1c12103240724b3eef41341d8f36f55c33c2a82b1f401b3c8eb6f8eef7338575b9a3fbb2ac8acd9971319e12061203abbc81b9f065ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
ed7d450373765d898e995e87f7e250eb

SHA1
d7cbf2c37fac5788aeb87e338125234fa6f6f4df

SHA256
eef86f43dc401a485b3bd3e38adc528e2743c6f28c184b73411c8985b35a7a71

SHA512
fda0bf114cf8fefddf3484dd5305ac998f5b30b097f03d95b107d30a13fd62054f9d44ba850d804fd34ad390b7a0e7aaf4746e57b2c6b68fb18fa5571d7a78d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
3ea0b587d1fc302dc3ecebc08bb5bf94

SHA1
1a834f839cd117d277ca8898d061967e2bb1a345

SHA256
c01466f007dc848cd25754830b89fba4671b6603778240482cab41dcdb7fa070

SHA512
8429d721e03bfe16b4f98efc1dd69a59af13a0c05f44df70ffc4cad1565743250cfd8ce48470e42fbc4bd905cd1141afb101da4bf028a7443cd4cfdc6b56b249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
ffaab15032b98dbc1e252e6a04ff7d22

SHA1
283496b216fc55a2977ccf28e3428900b4bde170

SHA256
c254553cf19233ebd3feb794ffa8af4b00845bee7a8ec173e9a39c2d840f0dfd

SHA512
15857785b0c5cd7571dea5138917c6c762b971cbf23339f228f9bccb34c966bf6a05a15fd9cf485d76e02a6c4881008a4e62e6e541c0e082782f973c17a2864e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c943f0307318f3d69cc8930a72d42971

SHA1
01d59163c824b980379dce41639c78fad6ba14e0

SHA256
0d760e262ac919999053b0e1a2a4bc02c76111bb9ffbb06b7a6a43c8bfdfdfe0

SHA512
a19111e2c014e1a95d2a85b0c61758e1260095d2a774105e3cd1cb030a5d17d51a8ad64a9b456a3b4becd52929f7e411dd3b10857532a0bb7259b30a363d6b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ca2ed81b874f610862c800b377ae71b9

SHA1
48e4641b23300488f30131c289e5a8c8e1bf53fa

SHA256
ec31efe9853df22a2a13822c82404ed97e3875933b785745e7c6f750c238e0fc

SHA512
67c525367864e621287540f2cdbd172cce1cbd4b2861e1809ddc8930a1e1481dd1052ca0b4f218031dbc1a1f13af04f649970744b606815364a9022322d4eeb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe6bb0c48738006ca2b15d83faaee562

SHA1
e94f0acdcdc956d21d81882995ac7e7e934fbe74

SHA256
ef946237d4b1a5eedee03262144b40d9e7e0ea574ca3cef34537f14b7957139a

SHA512
ad23a76a25484ccc07134988e41366600aa0f2cecf6c8295509fec3c174744ae4a625db085f4ffa86e0cd237c2e21772dac5aac47d2fcaf8d7e6e909771b796b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ac9efe6cb54ade82b0893ca893d25385

SHA1
7f09a62bba88adfcd8bfc643f8d01c05c383d306

SHA256
b96e00ce32959a01797ed263bda13cc8d9bd53a7e073b754c061b5d6a8e960f5

SHA512
ab5c2e747bf99fee91313aa6003f4734a4fc8ed7ed5aba51124fbb3c9c96b0e367dd494b6bfeab2423176c6e97cd380223d023575d28b5d3b0c6468fd5945673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
46074d3c78c2800691c15b1e1106169a

SHA1
badf9a617fa3c56a948953ce040e7b22e16f6533

SHA256
0042ffc61a48b514b52a27b8094803d9a333ec571b9e5bb2146f23c6f6a9e182

SHA512
d7920fe5e26fd63ea90dd94ca305db5a10adaf50d9491b18b9dfba212684d3fd5b5a004540600f74015c0b6125a1086b1678b21fca005910e7240de209163f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
2fd0d722917c2f888ee400e52979c042

SHA1
d06bbe3f61277342f71eeb1119c750bbe037e0af

SHA256
7afe7b87fdca5b7dbbab1e865f543c8b51ea07b0aeeb0dea7fd25947abb745d3

SHA512
b16ef74831a20571f174a4987ee6ffb73c605fd385391ca48c16c2c22c725d148f447c5f4d01c1cd5dc0a9af01fa351fb03f74ac5b40730245f39daba9ce702a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
0f5d578ae8e6922a12117ec0a3505bc1

SHA1
ae9ff026d03cafb746a3901a9bbbefb1bd167f13

SHA256
78b71ed4deb1a94a0b6dc8cb40c0fe39991b4b7b45781b9da85c8e1ff8b12ef1

SHA512
9927e7166f02833bd3cf64202702c19e6e85aaedc1435faf40e817361ea8e507fa72c40297a540c5ea9b2276a50f83951b42ebdfc5ce89b314565ee3756b14fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
fe0fada2d8544beb7cc08fc4212624fe

SHA1
9cba3e92e8c48d3f87dee654987a36bfd16ccd91

SHA256
bc7b1d74fb7f64c021f68530649245c827a78235586a33196ed2d8918c1bad3e

SHA512
59ee5d04380a94d50145842e11b0e92dfd6fbfe87e2c88b060dbe88cfb8bb295f8c03c73cefcc545f3a5b0af880cf63d4adaee7d5d6a6f37294828fdc6b50f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c1f548635a1cf5fa1f5eb520396de2f4

SHA1
81689e0dec49c672044b2cbf353d341058ec2aaf

SHA256
617facd81beb8fc4bfb50e030c549c45adc8638b35c158301e3b27656db02f12

SHA512
8aca52b2d055b32669bfc5dc99b659841a3af31c7626821559da4266d7bee72091749d39e3cfd1bb6a91f8191916948304274c4e4fd1c00c92913c95f2ba4ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
18951ad4190ed728ba23e932e0c6e0db

SHA1
fa2d16fcbc3defd07cb8f21d8ea4793a21f261f0

SHA256
66607b009c345a8e70fc1e58ab8a13bbea0e370c8d75f16d2cce5b876a748915

SHA512
a67237089efa8615747bdc6cfe0afc977dc54cfd624a8d2e5124a441c204f1ec58ee7cfbbc105ddc2c18d4f254b9e124d71630bcdba0253d41a96890104f2fff

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
ee87a5df2cec41353233851e9956d539

SHA1
cdd287b4be58f5ee3464c31c9f073daad13f2eb7

SHA256
2c25ce8141d1e6e601907a4d54f367ba7f6032c9596d24b30a245d94b719c880

SHA512
3afe8451239bbfa4c7cd6ad4e123d8558aba43a570998ef76834dd12b8b0266a4c9dc7bf57dd9a903208a029f3a0ae54822f1ba1d29414615bdcea963b062379

Download Submit