hxxps://linkvertise[.]com/1169231/solara-download?o=sharing

Resubmissions

05/08/2024, 04:40

240805-favtwa1djh 8

05/08/2024, 04:25

05/08/2024, 04:22

05/08/2024, 04:04

05/08/2024, 04:01

Analysis

max time kernel
272s
max time network
274s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2024, 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linkvertise.com/1169231/solara-download?o=sharing

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
2028	Bootstrapper (1).exe
1356	Bootstrapper.exe
1756	Bootstrapper.exe
2484	Bootstrapper.exe
4560	Bootstrapper.exe
6012	Bootstrapper.exe
1232	Bootstrapper (1).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs

Web Service

T1102

flow	ioc
210	raw.githubusercontent.com
229	raw.githubusercontent.com
233	pastebin.com
244	pastebin.com
309	pastebin.com
209	raw.githubusercontent.com
230	raw.githubusercontent.com
234	pastebin.com
305	pastebin.com
307	pastebin.com
208	raw.githubusercontent.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
110	api.ipify.org
98	api.ipify.org
106	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1620	2028	WerFault.exe	135

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673064768943947"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{B0F3CBAC-BA88-43B2-86AB-1553A75D33DA}	chrome.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
1700	msedge.exe
1700	msedge.exe
3900	identity_helper.exe
3900	identity_helper.exe
1580	chrome.exe
1580	chrome.exe
5732	chrome.exe
5732	chrome.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe
5164	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe
5732	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe
1672	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1952	1700	msedge.exe	83
PID 1700 wrote to memory of 1952	1700	msedge.exe	83
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 5000	1700	msedge.exe	84
PID 1700 wrote to memory of 4548	1700	msedge.exe	85
PID 1700 wrote to memory of 4548	1700	msedge.exe	85
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86
PID 1700 wrote to memory of 2716	1700	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://linkvertise.com/1169231/solara-download?o=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d48d46f8,0x7ff9d48d4708,0x7ff9d48d4718
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16436577597887053398,16235098332833369056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9c244cc40,0x7ff9c244cc4c,0x7ff9c244cc58
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1988,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3392,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3784,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3508,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3304,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4032,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5384,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5212,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5904,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4360,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5932,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5672,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5960,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5000,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6108,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5240,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5052,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6080,i,1706378915375230852,15205113716917643798,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:5592
- C:\Users\Admin\Downloads\Bootstrapper (1).exe
  "C:\Users\Admin\Downloads\Bootstrapper (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 1712
    3⤵
    - Program crash
    PID:1620
- C:\Users\Admin\Downloads\Bootstrapper.exe
  "C:\Users\Admin\Downloads\Bootstrapper.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1356

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 2028 -ip 2028
1⤵
PID:5536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:232

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1672
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\DISCORD
  2⤵
  PID:5160

C:\Users\Admin\Downloads\Bootstrapper.exe
"C:\Users\Admin\Downloads\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9c244cc40,0x7ff9c244cc4c,0x7ff9c244cc58
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,16848001840303908139,5009902802553536544,262144 --variations-seed-version=20240802-130108.496000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,16848001840303908139,5009902802553536544,262144 --variations-seed-version=20240802-130108.496000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,16848001840303908139,5009902802553536544,262144 --variations-seed-version=20240802-130108.496000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,16848001840303908139,5009902802553536544,262144 --variations-seed-version=20240802-130108.496000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,16848001840303908139,5009902802553536544,262144 --variations-seed-version=20240802-130108.496000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,16848001840303908139,5009902802553536544,262144 --variations-seed-version=20240802-130108.496000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,16848001840303908139,5009902802553536544,262144 --variations-seed-version=20240802-130108.496000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4380,i,16848001840303908139,5009902802553536544,262144 --variations-seed-version=20240802-130108.496000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4796,i,16848001840303908139,5009902802553536544,262144 --variations-seed-version=20240802-130108.496000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2796

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3848

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5224

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5164

C:\Users\Admin\Downloads\Bootstrapper.exe
"C:\Users\Admin\Downloads\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2484

C:\Users\Admin\Downloads\Bootstrapper.exe
"C:\Users\Admin\Downloads\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4560

C:\Users\Admin\Downloads\Bootstrapper.exe
"C:\Users\Admin\Downloads\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6012

C:\Users\Admin\Downloads\Bootstrapper (1).exe
"C:\Users\Admin\Downloads\Bootstrapper (1).exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4b1b9a525f813b0b50fb768a91122eb0

SHA1
57a0788d952a0f50652f836ea7a687d3d6956b7f

SHA256
25c3fa80556d205f3e16606118b663d7a465dea6ec1f0e80d11146fa174a1617

SHA512
4973fd4728896dbdddff55f07ba80c038f0af11fc1e6e373272d291a079aea5dda09b17731d9a935c30544e65e2a9a92bcdcf457162e311399864bf185a2d0ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\17b54081-16d5-4193-89ee-e62c640a5ffd.tmp

Filesize
8KB

MD5
6949e35a4b237af81be36a7bfe4258ba

SHA1
990e890d553d0d3c5608b997216c4825b491b3f6

SHA256
dce13d60145ffa64800e5a3a5d36b66fea3b6e58840c22ffa30f43421b77abf2

SHA512
d2ea367086751e95fb24b88c698f321d2e25b99a49a814c67d0583211dd45b0a1189048675022737c65f3c0ebd9cd07c86be1a004225d5f888054ce668d2842b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d033a88c120411358250ffe353ea41dc

SHA1
1e68ad8776459ce8d05920b41877670e4a34f7f9

SHA256
2f9c91a1fd41a832e2f08ef4bbad5f0f393ca5f2f5c33da38e08e85122d78665

SHA512
389e3156871814c8530f4b28cd6d19577bc7401bcb3e9e7f9960d42de28d84b4f66c7a59284a975ed30ffceee17f61fa23c7e6b39a7cb02c0527b3dd5e987701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
3605531553708410201b5a117259faa6

SHA1
378f25d306fbbda6d4ec58141683826a49ba1177

SHA256
56fee8b7a95f6c465ed3413f7dbbb5761aace6048eeaf7279b71c7b275a4f22d

SHA512
07d1bbf7aa0bea8f580700db9edf1d6a8fb4c86053e3158c43aa603ba67681acc15aeece4d25f6aaad969796534fe340adecd186b4903a0a0c8e0675bdfd4469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
f7ef63f7ec0c9713f566efb16b6e39ce

SHA1
5e9117d372a94d2b7889143bcde7db838c32c3f0

SHA256
be871741d0fbc2a0d3a96fae804a5772a0fc40a5f688e571de95eee9e7eb9aef

SHA512
617eba06f6256d606247ec0fa51aece492a3882491217f2ab3a15910338b98e6cfa49e0457736fbfef8cf256d538a367a38e0581a75540f0633bb9788def2ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
f77c150b39372cdb769fcb20ac7813a8

SHA1
943ffa6c3892cde6360b05353a8897f308ee1412

SHA256
240da86c1deb25b8ec1ac17d927fdc7b00f5c9fda53efd53fda2d53c570678b9

SHA512
6bbc4f6c28ff7b17e220cb7c4061ca3b452b8144ebce9e512babb2b1a82693413ef0aa088580da761c16f5c136a39eeea76aac8687ddcc9be399d7044638fd88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
25KB

MD5
6c9f24607a85011c8fa145f30be632ad

SHA1
8f130cec0d0a6579fe8d398bc7e62451e7badda0

SHA256
7d5a1d5cc0ff324a2faa264a6d1a40115aa945a8d7c71808108da456125dc784

SHA512
79ef710010892897b208f4b4c61c043523454ae3bc9a765057ddf0b8e9f702d4a6ee1c13317b1fdf95caeda2b9d9fd182140614eb409b5fc72cbffc6c723b48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
27KB

MD5
638a4990025383a0f83ebf29bdb84a68

SHA1
153e8818dc42f598e47fde8cf398f1447649a4d0

SHA256
878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6

SHA512
59a505fa1a3bea1511e8fed16dced733299928b4081665d3e3fa4fc71d6f0ed0b09934805f442bf190c9093937e1494ac938167f9beaca0223243703f73efe87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
7483aa93018fa3b981e264f1979037a5

SHA1
a45f144342bd810750a448edd8d7fb0f26c61537

SHA256
016b6b68b8439288c9342f63c38621521fab082cb83bf10d4258b52403170c46

SHA512
cc3093645f1e473cb1b48b01e90b5512fd056a19059608e0f9ae99b2091bf31ce5ebba8271f7207de490782faacd979d5f4a03bd041d5ee5db38f42833b500a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1147d1f2b6b94c35ae6f45d30d6735cd

SHA1
d46ba7a5947c5d8bce50ddd7d95b9420e5009ef1

SHA256
4773a25c44542676e673864200f872dd8c381f87dbfa23b6857488d073d7bea6

SHA512
160be364068bad339cd2b2e216da863e48b0331e7ecb353acb9459928064807c4a29d49af12828376e0cc272034affe5593eb5ecd7f22b2e0d2236bec1a469d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
7ccaf2e3a66dd8a960a22897a48c3c54

SHA1
112bc70161afe8326889a1c999bec9107652b472

SHA256
c27fcca7805ccd24f03cab666818a7cf8293fd0513c797ad71752f3b5c9e1901

SHA512
08b7595d168f4587cca4d4ee514d0bc6bd2bbacdfb5bfd698693e6f491133d150944838b44bca958f2ed22fd0dffa2e6aeb2008884185eaaa93a0bfd900a2def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
a2655a3d86d9373d913165405e5121f6

SHA1
7fc8e6ffdb7d8eb21d825e6aeea4c6181acf0689

SHA256
25ca17a978de789031a612537e46fad839e5a45aeb1381ffa41f60d9ebb83900

SHA512
93f0211b52bca122fd993de6ea003f373c5e0f96833bfa9466ec46c72dca7542eea0b030cbd563c0cc7687c67a4c15c466cff92451f839ce38d0b6d16dcd06fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
2c8525f16dbef3bda622d77c6ae4f752

SHA1
ee97e8146da87f2f9e0084a0faeb4632f6aa8493

SHA256
081768e2553b7632518664b0605d47477d27ea2e796bfd5bce0463710d493dbf

SHA512
6ac7a2f81d3b62dbc9d9871d1d6ed302551621d78026796ed25fbee134f4bee23dcb55e7fe22b77a56e1f074803ebd8c1e020f1c8f2b7d3a3cc3aa15d58ef55a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
293375301782c3b681556d9be7376f04

SHA1
b5882859d51c0d6d1ad52697032bbb008c3c5d6d

SHA256
d79e7882482621c790b43df701627ba9160a5cf603e885ba6971315e40cd6cd5

SHA512
6c9dc16a99518850085269ef06eaa16188cf3bb0d453d9566fc1d86d832876bb0d71015ad2b7f510eb69a38f5b38bcde2febd50420dcc9d9acb8a811cac8ad70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
6f8cc1a3d145da6a5bf4dbc074baa919

SHA1
2a5dff4c0c6cbb2ad5a12037ea31ad68ff796d38

SHA256
0a5952268a7c8709c79e8f2de1e76c0b15dfd105dd7f2c72590e9b3e020baebe

SHA512
fc63f5dab3ce4f1881caf42d9cfbe7d0e6d841e6dae1c3a21e29e7acf4725262a5a5858fb090f7c07401ceeea49169b2526907672346020bbd04758d86d39539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ce6ecb5b92087d906841f6805a9db2b4

SHA1
7e51b04cd644b332ae424603202d7c505215f074

SHA256
d9d9caa3e383ccd4440450b20807de3e3e03e44bc58f087c02a296445d545e68

SHA512
6f416f9a952a208c7eb1082c3ee0bc66be36a3f0cf2eafff3933d245095d56df26016c8883b2137b159b8f4b0c093a1872598b5aea14cb5b819c07c46e3177ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a486e81bdf78c6925d61425637d608d8

SHA1
ae58a15f21abfb643ef4dd62cafe90d733884e59

SHA256
2a8cc67bd0f12a40e052d7246e5e5559f7790180c0445f7feb5e729accd8fdaf

SHA512
ad179c5d4e7e0f76304c091d96b8b22f478a95c14382d6998d55a965554172b18662b0a1018bb1ae1d679fdfd329e791a413a091374eeb75f6f471e87beae5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a4dca355ccc9ea04260d0e3865ce4c7a

SHA1
514b49e16944a74a3d0d350f6d93ddf7f36a5fc5

SHA256
c6e68ece350d78892852815b3cace14dbefc47a8a63dcbf4fb6179c49e81e9f9

SHA512
4085c6500e9006802950e434f6b6f189bc48a6dc4717758373b9930b30e23404e8797057db223865c83677e3d855a1a9f867858f7fd0a9156f82333cf203119c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
819a0bee8ab42d3eed92ebe2921a0a8f

SHA1
4f87b53dc9633618d8a2f2971886d5699a71fc48

SHA256
7f0146d2ac0c69f1689e525ecc7059a5dc25869fc4ddccc825a0b55952304828

SHA512
63302a921b13a00fb2c87b3f584373aecd7641c26e1763fdd8790af8586fa0949a1279623c7271bf07139e104e2a6740464d7ded41c788bd84c902f54150f15c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0616c359b558c24a1e4ab39a27eb44a3

SHA1
f6c2aa8a492060b2aef798313bc9e91051f78449

SHA256
e165580438b49e41fb6c498d561283dfae281a510603e1992ef3563bf96c798d

SHA512
50dcb0d2ac0a3b1de0e04e70d0a9033bb594804100842648184957ddf0da5d3961f6b917f8efd4e7dee1321465956deb1479372c08589fde06a0e085e1761284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07f23a6b87096e8b1f1687b41a2f546b

SHA1
f7bfa892e01b40038528f1508c2b1c9eb67eb56e

SHA256
2c62b837117699ea3550680de602e7f349495053aa5b3843be1a4e2038517455

SHA512
16f09071a4940d6dfe59ecbe852125bed707de8af016694a5181b74183b000ea683ced0f4646367ed119affee5e482890b7143124925758aa5784a2d2782ada0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00262d433e12392734c51923eff41859

SHA1
ba6ee2dd09c844581e804b9de03e2eb898bad0b3

SHA256
8cb63d01fc78228229947bfc7c0ecb79da82aecb8aed1af48ba7e86dda964550

SHA512
5c84fb4d5880346829151d79402fdef540f70b743d5c18240c57760b88a76ea86bb30972aa6e04d18a455f388ae3f7134229a935a65baf24c3b973514d07ab37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
296ea1602961ca94f5fd573ce6f775b9

SHA1
297b4697b9c1fecf28505069fc7fd747c53e0d76

SHA256
96fa9b97a5492ccb0d6d7da8c61f8631c16661caa33565aae46e04aaf82d96a0

SHA512
18054d27feef17bfcf28ec8d49370e866efe34f901b89c8fdfd9473f2ed70a0b3200992e03c82de97ae8951e49ba12a51babcfbaf963ec5f3cc532229d42a42c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3ef0f7533dbde0d69e24eb338eec6fda

SHA1
417cc4c8805fa3e6c8ba996b5fe5ac2269d6c36a

SHA256
43f3b38ccc56431d7c16adb17ccd62517225ae0f6ea2a73c5c81b057756790d0

SHA512
137de6cd5e939bf7af760225e0c3186bbdb8ceafb6c3d6ec855bebbaa57303509e64b1b527112d5d198631180328a46b3296516a859b9bdadc51ef919a043386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1000314576e228c4be804b5a9860cb93

SHA1
ea784fe8d775d8ee6c6e6d0079c2d7b5502e9461

SHA256
3635d675c9a2a07fa2fee2dfd828cd884cdd7a252552872ebbcf9f789e20e9ea

SHA512
065bbb29a230c6252b2997b2ce885837fb78ff6fcd468948e6bc5b6d0a1c8e407bc75ae85af15f6b50d9f0af8ded7f0d9a428cb2ae02fa59683366a8a291aace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7d5fc1710624e4550dbb89f815d76d35

SHA1
b5df4354064a502e2be95575e735f7a102e1d7a8

SHA256
fc39956f7f8c67169696d23202e9c1a1140b71be33ee5a2fc6227bc2d6dd0714

SHA512
4945ad3d87d01678f7fcac53e140a1d11fbd4ebce1ad37fd437c88b36d0d42a7907c3b9092068625453ef42a4e74ef286eab7ccf32cc16f7fb5211562d9a6e4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
849e22b42c033aa9d5e855555a8655b4

SHA1
4852d656f34b7f7eda524b9f0d55213b50327bd3

SHA256
fc9515e186c604dc4eba9cf15c54b4ed7f22e67156b3fa68ce5119f7e8b7ba42

SHA512
144ff02f09ba39b3b6aa9735aee2e6959a476b8e1d65a92ada71aad526085d0b7e3f3f391a9f73223689da736219db5f0967d0273f115afbe0b4b7cd5d26e72d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b14e36f742d563afe531825e3372ebda

SHA1
cbe0b2f399092e74505772f89b790f75557667a3

SHA256
5c151d18b2281293acfb80253a22440f793bd4a3cb24b46d35ed6b36f2d4e97b

SHA512
f420d600b250dcb4b0a966c05d700a14452c66885aae6436b2e4518810b6c77e1cb25b5ad5fe95848797f4c7efca25a1fbdfc6f4336ff9edfb5fd6602c0d688e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0f2545a0794e48024d70af92a1ecb1e6

SHA1
3329e48a9de8b3fcdac4c34fd091109ae5dccdd3

SHA256
302ef759634195ca4d1b939c1d38f789602f9cb5068d20e90dabb6641e3e1079

SHA512
fe07d3fcd6db7b75699972ac4e00fa30c504bd4c23c7cc531cae0baea84ae0670982e2c5a293e1b245ca094c8f2a6e38c36a5395d535c7ff97fd1c8d6393f537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
e4f0d4298d0323d7a6ca962ce11ba848

SHA1
fc375a6b5ee45492bf488c0970ee37f493ba0233

SHA256
b7ab7a20c0f744ba650251fba816fe183ff4336a2aab14895fdb7a62bdc339bf

SHA512
81080cd582447bc09518f4412d4f58d8824af557bf7e476dfbb119b29d6fbbdd3a072420569aee71f32031da196e0194e35fdebd04e8c17804632d9cc43d6e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
1b999c9d62159c1fd1534383e116d8a2

SHA1
da9c6cb0beaca5c36b59a3882f70e8f663b7bd23

SHA256
5625942fca5ad3e3a59988a7aac58646f778eb4c2aab454932329358211441a8

SHA512
a35173dd4965f2834727e571a66096acc11f04e6a64a7781c2dfb393a75202001291b7ba9c7fa23f799ecd92265e9d7f77cf4931f7c5f2bc11e7781916563f47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f28b29f9-27fd-46c3-bf88-7ec47e487838.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
ab51afd9e254a0549e4f163ec3871b72

SHA1
305a57b34fa8d5ca7bfd0b10ecb84bb2c8c51a1c

SHA256
53fa4785264e1ac6861b81179f2788896f046a6c2a308d0749c740173af67ef7

SHA512
4203514ae90788aa746746fccb522715d65fc6405a61806eb5888c6b7c8e1651e353680054f45c46586c9a86a46fbf2e5faabb22e044b08a57dc9565a77ffdff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
c7089f0e02b0a29b4353ef32ef075e2d

SHA1
1bc7ad53de2b1bd9e13994426ce00bed759e61b0

SHA256
498543ba948038b1a3394c16041487fc590f52ba34e240dcbf6113930af3f0b2

SHA512
c6d09155ac04d532f85d2d1f1804213dce82518598dc578d11cfa12ea08f3ac7dec038aff68feb6b9917ea3410b854eea4e4c8dde85c6ad1216a961d93bed589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
9baab950a7fd6c87c897551c09fb7575

SHA1
bde3a8b5f8f5db64abc3a3372586200a916f12c9

SHA256
21bbaa18c0c36fc5a30c5f76cffd61bfc0375cba3b709802385ab9596b086389

SHA512
01284c711a347b8d96fdb4ccf76aaac0cffab3075e845d385720a54064057cc6a5005c7b9a37d8274571f65dd6d39fa09ef221c3e7f0574ba8a3ee22535a4d2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
01c4653a012fd4b8b70eb204ef4c40de

SHA1
d4c53021f113654c4cdeb0627a68bdc903457dee

SHA256
e687c27ebba1f72518586802e0beb824ad868fdea9cb5b11534c3e5bb2275447

SHA512
0dc6167e8e8359693f1ee39c8fa53b75b330f3d53abdbcccce8884f5c98ff9350cfc6ba1a309c6d5bd42fe2a2b1c55c54894bc6a992f0a79c7db7f1a27a98a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
077e001e32f2af70178a222d5715a4d3

SHA1
77ababb7c8185fde83ef1ad0c2138455afff2a6a

SHA256
5c5fb537993663fc01947591bd2ec9586615d45aa10d43eb78cc6c44c1e4cd03

SHA512
c101de446a7ce7f0fecb751a1d39157265ab7744f2d9cf5484e81d8cce35d8b08eeb1f185bbd045c06924086414dd84b08264d9088af6fcd92c9a6cec8794804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
5718ac42ffdcdc8ca113927b9d45d3d3

SHA1
d4173ef9d8ea4aead9b9bd09a6538e4440b6914a

SHA256
07b3feffc37bc0400bcd33402ffe517be82bc212555c4b9ec805380a7c7df9a5

SHA512
2408106ec986f58d4a66e1e02580f6896cb46fb8aee80d6b587cf4570252ff266336b86ae413333454565232ff49f2090965735e30cc0f791fa5a56cc326ad3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
01ed418305a705c20ef5489cfe3d2f3b

SHA1
f50b85b5445b74e43a19b00cc868879800b01e44

SHA256
0f999f5ac728c3dce5a8b189578a56c03fe07c629074a45bca038df6442a9ee6

SHA512
c510f3c599bca0607250d8d85f78d95adf0db959fcd41abeaef8b1cf32a6cdc150989b6b7107e8105292b0110d74db51642c451cafa7af60852d26bf6c864317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ae9d8cbde057ac4e228dd95ab428b6ba

SHA1
3349f8392f4529d51b75bff2d5e3a4971298fc2f

SHA256
147329a63229253cbe2d488599b34e40ecb7a20c9ad99c35355c1c3bbd9b0cfa

SHA512
2d44c2e3f7c9d3b1095cb597b790ca874d488ced4827b8f75f9ab70d7bc354f6d053a14a16f594741782161051620bf3f5bbaa14a062256ad9e5b090536224f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
e443718ddea665633c0ab20fe127526d

SHA1
30e3b745a43b1e0ddb7016adbb4cb8c0bf3a511d

SHA256
ac1fd712d4ee5403190d7b91bfaf9562f0a8a002cf19a97eaf0cf06900c0082b

SHA512
85cee0c3ac741756c294e556bfd5ecce969e2c9c2559328fb8ec050b0943552d24c0719e0d02fde0141acc2a4e440273730a0731bea0d7cedfd8ab7eedef3293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
20KB

MD5
f9591b93005fee4dbc1c46f23e4dd100

SHA1
7dd709edd6d6e17fa26a65d26c73f69a8e236bec

SHA256
c33f9944d2f9e9757f2c44d634f304d69ea061981e7e5b8db91a57125e903071

SHA512
afb0288cd99c572b97838e5b6567048be7529fd31e7c3f580da273226a617eef5ff7e012ce71729d9506f76747fb08a2cc788b834dcc778b74635085774eb4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Bootstrapper.exe.log

Filesize
1KB

MD5
e87e48b105757e1c7563d1c719059733

SHA1
28a3f2b2e0672da2b531f4757d2b20b53032dafc

SHA256
0aaf22dc84cc3fcfe53de7ccfed8e662247dfb7f1a9967032c88790d0c663461

SHA512
bf19c5743143aee914a453c41189c722c9b90a5b8bf299cecf3e1f97656d32cd209ecb74da8aebc89bb41c27d189f73aaaabbc64fe383410c95dc76ad4218968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
c4e4bd5448e205f0cf0be7dcaece046f

SHA1
76455ecc7fcbcef404bf2d4165f122f846b24d04

SHA256
f0fb4a9dafd19e6ba34e3d205069e3792f3983830275b66d0ccf9759c30c4646

SHA512
ba05ff70555adc32e80f60b83311e6cb0f155826f2a5b91aab07e4309bb14f7660d1b08706d3fff5cb520e666d8524546c4bc0dfd33ab779f0faa4467ef2afb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d9bed073da81d030a2cf97181005d41

SHA1
8ef7219077bdd9d009ff6f4b5ca4e929bf908865

SHA256
03fbf477cadc3081dfaa7a2dba3051922ff2ce978a51ae6a0744d3cd0a001075

SHA512
7bd467b08a429b5b9eaa7d625a4429b7c16d6caf10c81d6d7205d92bbfeaee6ca263b574b45ec0a499e6f1ccd15b8d8689d7a5128fe7b4dbc3c4f3530af17dc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7de447dd0fbf0513289b0fbf7c06fc4

SHA1
de4fbecd891873b543529b64188dc3fa736b9734

SHA256
3b62ef05e3b7ab6dbc711fa03b7341b1d2003c8be16ee1e5df69d09c6093b17a

SHA512
9b6a2aaf14864499ee9257c6c3a95103d528fcb1bf8ac5b5e7355a17ea5c23e962ac61fddb4b4a6d26eb4e6387c84caf9257d240000d3075e736f28462ad21af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f332c8f142651d082d3504dd7c0b0454

SHA1
325d4239cb31f37328f7e6e7f87eea96655bcf0e

SHA256
81c468bc1738387b21ffb8b5d826988eb8c2c63696190c26e7fd3586811b77ac

SHA512
9715226af3021acd2a548448b54f96b44dfe4dfe6e6bf158b68a35b5df9e98b3c3c90c9ee6a4525ed59d5e8657e658a70b6868985f3ae422e1f6e0186656764f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a5d856a5ec0a55c8e9cf7c4ae69136f

SHA1
ea9252d23b332c212328922a26b268b5f69bbeae

SHA256
360d2ba706f0016315bdec63cd97b3a019b70e1bfca2ef6d877a2cf023b80904

SHA512
cf677b04e34267d44bcc58c13b600249658daa4aac826f48c9dc4508787bdf59e0f024ed21bb77e9482838a29dac9e7f12cb963fc5d4f43b5cd50889670f08f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
264b63fd0af5802c484de4f45e3c3e4f

SHA1
e0972998932d8d8a84601a64b93b2e9fb7298392

SHA256
2bcf824e6dd3728c15ba74d0d6427fb6dd9d48536a7847c4ba80ad0f5e7ea988

SHA512
f77d6ffe7257571f3098703f1677266a5eac26350ce9f71f742715f93925b3fba2833c2f02fc9f543021bd49b64841eac7bebd23380dbc3e76b594d96b3455e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a7efc6b1d1a58eb5757b10ce22289edb

SHA1
c7af07ac46d6736e91d4c48659ce98602a232b6a

SHA256
3c724022adcf4d0ee6387fd0d7d647ffddde86cf7620189c5ba28f4ec39faa90

SHA512
874cf8abd6bcc610c857aa0d733d288488bd22c3eca6196a9bc5be091857313345a5d0cd4c14a14980987bd2f01b1e9c43df9e08ce5ec5bf05e341b046f129c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a5f06138dcb8e3ec11ca08d81d1ff27e

SHA1
397222bcc7f7e268ea3767e1d62cc7ec35172dfe

SHA256
b657cfeec92a14f15be0b5210dcf1abae5cf5edaf5ea07940f54770b97a5ea6d

SHA512
97444104c3f40cc75bee2b33f8fb009e109cbfc46555e80f9bb367f61aec5376dd9b338a31d575a0d81ae9a3ba371a3d558603239f35f49c4c19a49ea948102d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 49169.crdownload

Filesize
796KB

MD5
fa65805dc79caefec703e1339141fc65

SHA1
9f2480739aac09dcf254d87f5f63deaea8296404

SHA256
d122b76e0739d706b0c3078136fd05d55e92b09dca92864c66b428fa8c0da748

SHA512
b2fd9027cf118727dc5688912a0909403afede90a6efcb5e616dcca575753b82a85ba48f3d08b63148f5c5795d1af35f69803dde2fef358f94dd367ec55f1b63

Download Submit
memory/1356-443-0x0000000005680000-0x00000000056A2000-memory.dmp

Filesize
136KB

Download
memory/1356-444-0x00000000056B0000-0x0000000005A04000-memory.dmp

Filesize
3.3MB

Download
memory/2028-413-0x0000000000F30000-0x0000000000FFE000-memory.dmp

Filesize
824KB

Download
memory/5164-1059-0x0000019B4A9D0000-0x0000019B4A9D1000-memory.dmp

Filesize
4KB

Download
memory/5164-1058-0x0000019B4A9D0000-0x0000019B4A9D1000-memory.dmp

Filesize
4KB

Download
memory/5164-1057-0x0000019B4A9D0000-0x0000019B4A9D1000-memory.dmp

Filesize
4KB

Download
memory/5164-1065-0x0000019B4A9D0000-0x0000019B4A9D1000-memory.dmp

Filesize
4KB

Download
memory/5164-1069-0x0000019B4A9D0000-0x0000019B4A9D1000-memory.dmp

Filesize
4KB

Download
memory/5164-1068-0x0000019B4A9D0000-0x0000019B4A9D1000-memory.dmp

Filesize
4KB

Download
memory/5164-1067-0x0000019B4A9D0000-0x0000019B4A9D1000-memory.dmp

Filesize
4KB

Download
memory/5164-1066-0x0000019B4A9D0000-0x0000019B4A9D1000-memory.dmp

Filesize
4KB

Download
memory/5164-1063-0x0000019B4A9D0000-0x0000019B4A9D1000-memory.dmp

Filesize
4KB

Download
memory/5164-1064-0x0000019B4A9D0000-0x0000019B4A9D1000-memory.dmp

Filesize
4KB

Download