hxxps://github[.]com/Endermanch/MalwareDatabase

Analysis

max time kernel
299s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674943935528623"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
3180	msedge.exe
3180	msedge.exe
3032	identity_helper.exe
3032	identity_helper.exe
1884	chrome.exe
1884	chrome.exe
5136	msedge.exe
5136	msedge.exe
5136	msedge.exe
5136	msedge.exe
6116	chrome.exe
6116	chrome.exe
6116	chrome.exe
6116	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 4652	3180	msedge.exe	84
PID 3180 wrote to memory of 4652	3180	msedge.exe	84
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 4320	3180	msedge.exe	85
PID 3180 wrote to memory of 384	3180	msedge.exe	86
PID 3180 wrote to memory of 384	3180	msedge.exe	86
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87
PID 3180 wrote to memory of 2588	3180	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdce3446f8,0x7ffdce344708,0x7ffdce344718
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6443494666891376518,17867684261618995440,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdbf2acc40,0x7ffdbf2acc4c,0x7ffdbf2acc58
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1988,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4608,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4408,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5076,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4376 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3436,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3252,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3264,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5400,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3352,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3348 /prefetch:2
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4844,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4076 /prefetch:2
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3304,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5664,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=240 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4360,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5588,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3204,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4436 /prefetch:8
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5628,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5348,i,16553324234262150237,9955703166940275496,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:6116

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2752

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
30KB

MD5
eb11bfb369775ff0739dabb3a5f379cc

SHA1
2eebaea2f7080c0b256fbfc70ab91473243af0f8

SHA256
2e0bdc192134bb3950a1ba4c1148901e39ebd8d2d01f64ef23106e90a9f771b0

SHA512
59e89752e932aade54d5b2b940e09f3c8b12a836f1c5eb515e82036a97492f42e12a4fb3dc156cb8d969d6cb4e8fd8f18b358715f972e12d4596ad390430cb21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
30KB

MD5
a612e57f116a63441f4d9b84dbc2b4a9

SHA1
d6eaa809a447e20fd4c1eff453c8dd36bfcf016f

SHA256
a4f4b4682c83b7dc08c842646abf72b6c59204965c1c1bb329e06ca52de2f9f4

SHA512
41039886ddcd45317d59d4e98d3f26dc9575d9334bd7f128872dc9913621f2e3edd64e9d8c1e9b30f72592ffef8951fdd6fb50a42b346efd51937f646de27786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
164KB

MD5
e34495f50368d597c2fd609cf9b24d7d

SHA1
f7b502a47017bd0a5e522610c306d0764d527ee8

SHA256
e13e26be3b37b3bcd0f2c8cc23866c95e728514822586811a48df83b185a2d7b

SHA512
5f2428e5d12d1f31e6193d62e445f3c41ebfe8de7eb084b39f627ff87f657f3007eda7a6ed964e23c0edb71d42f3d337d31d37767590dad667ff216dbe225ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
75KB

MD5
bfc26c81ed589e396d61af4822bb9f55

SHA1
aee43fe5f0d079717ea5408a66bc9df65f8f85d4

SHA256
b2305ea361574f0f78d35ad4e2452d444cd81f9347aa30ee2cf2acc165f9a60e

SHA512
9ce01d28a3b32e7d5fce73deb155ae73f9c893d406c6fdd5b6f7e63a913be9856b533c90c1f3f2c074d64b6ea96fbfc597a6096f0e28f705125ec83c6016329b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
21KB

MD5
fe150b6388f5c8ecf845001b2c52143e

SHA1
6d32c264ee2caa41e1f618f6a439e593ac7c8f21

SHA256
6bc69b6d0dca1e162d63f4468d5a0ed8d87c2279e9567c95a346508ea07628a7

SHA512
410d6c4ef69d92feea929260d91dd4bd56d598b897c693b7b9b7efcecd6eaa08383ce051dd1bb2d89db3dbe9428478c61143be590eeb074e331c7d52f5cd0bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
28KB

MD5
b7e87e37ddc6055d67c8363ca5d15759

SHA1
e102f07b67bc9ddc026bbde184b5597ea3e74c40

SHA256
4675a1ff7382a53722e350b1186164a9e712c7c3f78adabf96a8eed914e2ff12

SHA512
f260c9d56ef3ed7a2dae0f954a34ff7bda61c14c5c374a5711884471bcd8581d9bf6ec606fdb146dea1d5ac8bc342a469c0fd9a60193c1a7fa7cc8e190dfcdaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
53KB

MD5
98d97ede9f56343561e72346a6c650b5

SHA1
f565a86605d2ca8f6973a8178df3febbf1741b11

SHA256
ae6c34669b80ebe9dff447c1d5d94dbcf59422d97decf924d3082c44aa56c7ea

SHA512
9de1ab943da3fabae6786f205e43552df4a5fbd5c9a0e386722ce320157c13684e4d76264783724a165d42672e4d1b1a5ec26755a4299834dc1ac21407546a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
35KB

MD5
bb7edd95649a5255f8379ad3bc77a41b

SHA1
357d5fe923ffffbfc5de66b966358f595eb161ac

SHA256
8c995ccbcccc5e7161296d889cd6b6498e2f3464a20a7a169f09982d2212aa90

SHA512
ad432976f67b0930620252dd09a7b3ea9a63698a7ef4ea0cdac0f2f88f29a82734358c3f75ec35f4c6bbe8d9036ea027aad4b839ca0964bb55341c20c2037f26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
28KB

MD5
ec4b486bac1f24af608d3ecf530cca8e

SHA1
8984de20e9c81c08386404443a26c50cc4c9c9a3

SHA256
be5c7ecf935bb2ee8edb6442995f347f75c0d5851e8a9debdd076abef4ee56bd

SHA512
bde576f2c91a09ebf9a5faf35d33114d6f0c4729b2f5b6d199f1fd9533f87a4c4efe3c5e819b872701c36e7f2eaf90a64a6344bb021cf842d96feb9372e03877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
89KB

MD5
866803868e1cff1a3b3f17c9d6f68baa

SHA1
8b0a89c87b1946e4532f82657174ef0efe3cfbb5

SHA256
cb76e9b9257102ff9a92fcfe86fa1505ca436e9472331da97a8234feb8d6521b

SHA512
0badf4670520d51638b5726b166d8373b6fccde57b41685c9ea1e69f9ea9c712fcf45d064c19acb86d7551488e1cb1eef1a3adcde27b4bee1dfd8b222b32d774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
109KB

MD5
7b531debeecb02e3246a1a93130ef21c

SHA1
b2f29634ab1f0b5b029af7efb60091cd71a02b26

SHA256
49bda0516d180715b7849be8c8da7398071ec4de4164c70570cfa215df969b1c

SHA512
6a1e1602e910fe9cc070029798537cf69e6465bdb7f5ed0b857778eabffe2aeba83264b5f423fde1e750531eb585d4ef1d5ea18349494cc296d94718954f4c29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
147KB

MD5
ef1537c8e75ca7277834aa5af7c33bdc

SHA1
344508ccd197c35cfac7e22e7a49dc6c9cded19f

SHA256
b16a242d915a7ac74cead9eeeb6d6bc4db611bdb45c7a71ad7682ac95341b65a

SHA512
3af4c44e0adbc149e4c95188915c75902bfda9e1bfe1c6f76c79ca24c3a9e604a56b90cd8fc8cbb0810e055ae0cc7cae9956eeadf40fd2c4c828c97c9237592a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
153KB

MD5
ef33c03813e512f36e55a1291abcc590

SHA1
821d54b180cc27129d067e71f7ba0d39cba25413

SHA256
4a3b646ec5d15b7c5adbad44b59f09a196bcbb503ebb31ac4482dcfe5c6981d4

SHA512
c1afaf5b4524314cc9f1465c08c27b43fe42ac365b58494c5b17f7cce2b864b15a49047471c49e70099065ce5e49449401b88265b7d7f4c49de2a3c0615a7f26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
230KB

MD5
fb851062916968d604c68b77362bd6a2

SHA1
44a6501cb413c227ba8e1b0df2ce55dc6cc77f31

SHA256
2ad2273a58fc6fe084947b1bbe065e92ce690a0e4c9b5a3fded90f5fbe965e78

SHA512
9e8c24c62ce8cc6c3ee422a9e2fa71d5a4ea8f0964e609c0262ff6e9daa1d1a8f6a811bf0315092185c3736c7d7fffe577d90b4b67c81d496f2e3e7f2e7cb2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
38KB

MD5
f62c23cfaddf3f4bb1450e304bd8baef

SHA1
b6f050e8c025ea9341b630c2a00dd532257c0af5

SHA256
c8f85288f5afdbe5c3cec1d15757e87a5e98818c320f8d6401cc43cda55aab25

SHA512
6f2c2d8f98bb5784e0b12ee2932f6ef2f8191a79515b2833e4dcaac4facdd996fa79de1620c3fb57e37d473839703adb199592baaad9480a936957bdec271f83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
71KB

MD5
938e640dab142a9fd0bc386b38973795

SHA1
0fa6d957bf8c78abd587069bb6a44e61d6527a3f

SHA256
d7cd5db9e91fb47a14d82107840b2f535d65ff7e45e2bdbcc10ba9c52185675a

SHA512
0f433260fcc49afecca678d7a0c75b16afd369da53c2edf7580a40e1260bf12f3922cc399e7f8a7f1712a968dd31cfc5cd79b6b705a346a58b2eff4036dde4a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bb0b187306eb5077282cc2c6330bc33c

SHA1
ec352da7a3272c5096bb2dabab3e05b7143ece76

SHA256
fdaf1c8fb00f08790b3ec1641d23f2e7a0a66724ac977611e615c99aee74022b

SHA512
efe9fd0c965f272baff96a4b447cbf66ee4b4f94967fb0a312824daf7f2d8db005f3fbe2b78e5c00cea6c59f75f1bd1e470b847d10eecd6b687ddc9ea2a113a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
827f5fe8bca5a0e2cd0003c4413a2f64

SHA1
8b035d8902dfd48a171a94555e52cb129e2fe80a

SHA256
0365b4b54679e038797d7c6053966cdec283247b18af65e891175c34313ee58d

SHA512
25f2af27c19cd8f6d2e8499d0fe6f10a6c68d230da7f9a12f4370f76e86708fa3c0081f6bfe7d8d482f6cbb1e6a920de9bb0af051760ef36779456fb9f8de2c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5db06ac34a8e7370675d295a9d847db6

SHA1
97dcfaa238b07dc7f7a90918832358be5e4a40b8

SHA256
3a04677f3ac280893ee59ec8a8cdc301ecae37acd93758a45b2955aefd3d9de9

SHA512
7ff9c452f48cdce61f6cf262626008f123155047690c8d0ed1974c26a4776b07ab8cac64d0767724c7b3446ad7a02f68de4a4de1e2ae5796018a6b422e77b03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
236afdf4e63e0b1e7b6af8cd32d680af

SHA1
36c1ca6024e14673467a7d3a4901c5578d1290c9

SHA256
6f55197e7d07abffe32549fdf5a119da90b83197433146ba182dfde6c8f701a8

SHA512
e3e053fea892e6d47aba42a64febf4276709af69abc5b514cf5989580c19ca9bec8aa17cb1de67ddbb8e2edb9fd8dbfad1233eb8c5e55350f7c4b3ecec83115a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
31dcbe99f0ae14aa1286306bd94993d1

SHA1
a7fa60e9eeb3f322866b17fb05d8e32d0f3cb450

SHA256
f13bff006466dd3d0407945730397de977e24e7eea06a2879f142f72e465e710

SHA512
7e3ebd68a3e7831dd36daf9ce0cb2c08ef73701682333372b6061347376821992d0a3623d1ea023ec564eaf858992a18cc852b8666fb58368ad0f1da6b659391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
39ba0cd86e67e49b17d519f3b562c4a9

SHA1
79c69053fc1f732f86b0d0ed32808f6efd46bb8f

SHA256
2bb320ca18d39f5d7bf1ccc0be8edab4fd2c23a90ce39c29822cb5c7e0fd08a8

SHA512
934dfe8135a870b8ef5b2bd68945b0504717a18c8bbf67bf0f17d826963ba35c4de09aea52f3bfab40bcec2c6337d67de2caf43f46931447bdd93acd99b0ebc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1fdae7f8abd5319495308a05011e44e1

SHA1
c399139783054c45fd64f985331ba1d9a3791f0a

SHA256
9e2bff01814f96784b43fe1fce419f03a560a851d8152430eda7a392340388ee

SHA512
626cc8283cd2f3e6d7ce0882e95e5f51ec75f3780785a7fb2e47b09ef1b02247ff09f5dca86d6696a7501e5a0d9482ea6a02cfe1831adbcd929bbc08e2dfc3d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d866073eb53cf5d6c582888a30b3019a

SHA1
f27f3b0f718454b6ba3f56df13f6de46241794ac

SHA256
a351769724cd22ca2dc7be331139f49b19a7fb155ccf85e0f9dbc3e89ebb6446

SHA512
6b35fb686a8225193c58fb7b0c19d63cd7c886f49fba4ae27365710c4ed8272c4818ae8b37dbe053d6ed214f34d914e70e8ec126553d514f6dc7e34e9fd346ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a1ff082de5069631b5de979d3b8c457a

SHA1
86ea2afecfb6f420f471b481689ef75021d39fe6

SHA256
6b33f887d09bfb7533fef7857928fd1f2f7de5db4f736661937f0fb310def57c

SHA512
3aa04d236c67de80cdc779cfdf8c2d426da86020539d04812cefd1bd61b62d15799df561c3d96fcb4ad986e04b12fba98abdb32c978f064db1ad09fe2ffcedc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
addb6982ee1a4065c62cabbd0b79b310

SHA1
0c09aaca2a7a7e2b2db17746dba678175c607c7e

SHA256
3477586f7d99d9d9a0951d7b114401675abc78a81f413b624a938be9b15372f7

SHA512
00484eabcf94f3207aeaefc33194bf4e7c9ca82c3b39038ddfaf3c3491e85b9a66d9a5d3dd1807c0fcd06b0790444a2f65545ced305fcbf13f39baf3c5b804b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
65733a686838bbd899cc1562e23e9ffd

SHA1
6119be249a35c13f5b094a7ac3b2999d4c29893c

SHA256
ee4c3dcd1e5870e42d98f19ab2c30f7b95e982b3a6ce06d08828a1649d2e2905

SHA512
1925a3e4f8b94c0536142ea3ace30a762a2853929bd7425af5a34117725d19c7c6b0411bc5bff7d204271340563bf0cac7362913244633aaa7d554dd975c109b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2cbe4b353b8b89d3b05e7e98a5741193

SHA1
a00bdc9e6fa5ca34718b0be04cc05f89996e9713

SHA256
e94118bc25c5d88c6c037eeb9dc2f466794568b67e29209ea5727c151cc25459

SHA512
b5adcfca3db784ed865debfdc78e4d3b53b9dd131d4640e3b43dea2ab17aace9c5514337328b692a503b0d6febf49f01bd0bbaf454ef757b990bf2877b09902f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d385559bbe2e8a668a3ea2e0b78ec70d

SHA1
df511708ddfc8449af393a5a2c44aef28e38cd40

SHA256
c6c7ff280549b58242efa2257a540fc1351265c6ce24fe4fd9d23b38e5dad211

SHA512
7250f6327251d0049d7232fb50dbb742b085bc942b7b483d13577634e954e65ee5342eaa13bf2d4a70e49842f372abb31bc5bd88541e1798491e179477043d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a590b1110e6409f5ced148e1ee565892

SHA1
5aa280ba663bcbb5b4648ad555767283d060d505

SHA256
09468e916938a05aa7d52c955fe9f039cc04c38b6c0189f5a0133da2d9977eb7

SHA512
5174e6123d0ca85f3dc5247e208c4659b00acc3a4fa85101b4592f87279387395202cd6276f3e31af063b996b130cd59752c2ec239c9b7215690b2057bc6024c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f40f751582a4fef6369c0e07cd96f3cc

SHA1
1fb4b001917cad88b4672499b4396c922be8595b

SHA256
b2cd7853bae886b144397b9426585d328ec465f74aa8c91a783bac6359356147

SHA512
bc51dd68e53ccc01ae28593943e8d9eb61e5535940f6b5135b8a120faae30cdd14920fc3d99a4a464a0a4565665e65f8404ebaac4cd68702b116eaf3a49e45f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3b8e4a27220710153c50080dbc2ca1f7

SHA1
aec49dd543eedb79d9cd7e5426e78183b3170fcf

SHA256
f715940c8ada050577a6576eb60a9f41cec31fdaf28b93646a94e2fcf6710596

SHA512
0d153248bbcd3bf081df37c4d8000be006835bb9676564950b7160efb28980aa6e0b7d1a8d88c2b55f77f87d1bb4ec05ed23edcfc656a890a2df7e4c56ac7a62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a143e6dd38e638edce446196d7849af

SHA1
57892ff8e12a2f640873eee4f710231dd0459585

SHA256
d9b9e2ae4c00ea0821f2a93146f4f7877447d1ec1e87dbcc242d5b642dc81c32

SHA512
9ee5ec2d8b718a85f102f87e27d528e15c520c22c77b440d7bebe927ac3eba47498d3d91fde412ee34235f130acc571775b534c8aaa61f64b82ecc504d5b75b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e452f853f0c3081bb061b83d775f52a9

SHA1
7aaa98fe1b5420574b648b98d66e7183ec0b1f19

SHA256
74150e3e3474cfa1fed82b9a5ee71da7367d7306f8a94188e330c29d21838e30

SHA512
c3041765a6f8f6fd16fdffbbdce6da4df21bb7e5c0f017d86664cda45f68800756a862f915e37a1389f33de35ba4a9126f444056d6b165faaf59ddab00e09ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
549c6887c8be6251b9a055f702286174

SHA1
495958f09eaccbf3cb7111d3b48c70089059fc2c

SHA256
39df8a655167c6ccabca0140239ebc312aba13839524d56a7e1b625985a13179

SHA512
6fc4efd34ccdb5f99349d28f8467677daab69253ca33d23f599ebe75868b48d8a4c08116d30595ebe2bc17282c4c6c1f5685a8dd6a6ae1b95ce76b953cdc500b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a2568cb9ca7310b5aee3ffc2aabe62b

SHA1
2bbbed730eb26d7f35d0944e834610783a4ab694

SHA256
ca8cedac9a8e2e816967ff83dd0aa35454b2ed453029216c5c52b7d196bb57ea

SHA512
3e90d6d21bda376d22195ed572b5b088bb07129962e32b446cc4eea2b7cb408792a1f314d03a93dc39d0eea32c637288c0779f07378023a2914c456c04f335f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9bd1a0a73fd03c55e8e513012ab5c753

SHA1
3cef41d8a95e1148c8de4e4cd2349affffd9f843

SHA256
077196465a196dee4eefc7aed1001c84d147c92580f82565e43260b5b942b7b0

SHA512
3a0866ced1c84a564971217685f76826ba706ef681fdab7571bcde6ce5f653c997279e27df33597a224e6c5098fb442932d7189161bd09b99419620aecc61d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6701edbbef792c712c37bc5233cd9d7b

SHA1
56cab25d07dc34458d6cc884898492a5156d815d

SHA256
6ebd280215090794bfb2f4f0bef74929608cc496b15e0d28aab14ba331e4fa0f

SHA512
a2bd9c6ef022870937d62b230e9d7362ef24f69cac0b23e4c442c4114b0c637833e16b4428fe108bfc84251e95a0dee95541d9ae960fa79660a629aa5a81d8ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
94909f55c276fe0688892c4cfceb712e

SHA1
96dff95c53cc498e09c872eec9403bea1f04dfb2

SHA256
d88e7830c70c4de08615705cc29e103930c0c5380fd644e8bbb67c9d6def9d69

SHA512
145f954b04514d74f679854e0706e3bb1915a7f9c8e5cd20c8e1d849247fb7c10d3a1af2e2930c300be42b3e6199a596785a4d768f09d6a40222ac882eb6a94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
50f36350c4d755a2f906ab1da6b8306c

SHA1
a3800aae81e7b72346f9bd095644ead8669fbb63

SHA256
ca0b848d557861f317d37c16264751bbb11180b5193711b991fb3fbe62f49e75

SHA512
bb676b410aed82305c2b92f3a950cb846248b95db865f1b3f530677112e5016d2be024c500f326806f5c5fa22c4727c4075f2f653df926da7da732aaabb256ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a0aaa483-f034-4614-ae30-d9d31bfd3318.tmp

Filesize
10KB

MD5
a3bd06007243586f9a5271c19490409b

SHA1
0fed3d83f98564cb685b40cf6f2c5d25f857a32b

SHA256
2aa939a7a83b1b621cf11d6ee96c5aa0a998bf934014de6dbea761a44b7a9380

SHA512
4dd6e25413c4ca3ff30ae1e736f63be77b08f49e5fe1612abdca61ea1832ab11e45829be580a91491afb259d948e115a7916c272155aaf27d54500a2890489a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f75be76883452040ac8a434bb0b17a46

SHA1
bf70b31f2cb15b0e46da2a450a50847c00cef237

SHA256
cdb4a64c2b54e435ce910c15f35bf1fc9844d59fb0861a6c54cf043004a82799

SHA512
5888b339620f3717929f372847c3cd18abe350f7b74ee4446a54a9b8c4f85a3cdecbc9367883363dcc0cdde11c48c7e6ad350ee716d7dd92c1f7dac154a78410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
5eb9552989c8228677d9fc4a2cb8950a

SHA1
a58f673a620979606be413d81e3b1978a94353b1

SHA256
f10692d2fe7d6aa23bdc0d6dc85049e7893ce35d9aa3bedf74cec4c7772ea5ba

SHA512
ea6d1106d74db4a0c8ae276456c8de23e29806e351e85d62ce2757dbb97b9028cdb728b4c8ecccfe32cd73cadc7be8b8972e9f7eaa3776975dbf86e38225fd7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e814a55221029abd59776e8dbe34717a

SHA1
4046e121fbd24c8e06defe733722dc9ec856d80e

SHA256
99fc0896d2ae24837a59a89b2a17bf3647b9cb0eaab30769381a10134d6abfd5

SHA512
2675b7fd3d06478152aaf2c475a055353f2f09951aae0e6c02d2407c42a36fb27e25816a6579db6f47f9b10a79049ed9014ef0c2a06473de9263d1bd4011013e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
29KB

MD5
5e4764d3c94d1a1db8c3d0890278b6d1

SHA1
e5171f2f46e16d32df5f634ba21e47256fa9689c

SHA256
5077e8927721a6a3ae5d78b456b7041230d627774a0a319beebacc88290b8328

SHA512
24648e47c395fd970fdb971b35e6c14cff1ad1808d84fc47cfc322db211960e6905dbde37e14912adb61eca3cf30b71d3b50a0f01f2091397eea51a1ec4437fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
23KB

MD5
e1b3b5908c9cf23dfb2b9c52b9a023ab

SHA1
fcd4136085f2a03481d9958cc6793a5ed98e714c

SHA256
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

SHA512
b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
16KB

MD5
d9e50817153a7053ed8441cbfbe9d3b0

SHA1
6106180d7e3a0ecd4c5df0b6b43185cb29e1024c

SHA256
88d46b63bbaa80d5fb80c30762c03755c8abc3e56585ecf69cc5c05af174c1a8

SHA512
e49271516edc9a31f7734a56eeab923bcc819db360a611c3ae858a7c073ac109931cdb5114c7541c7a4b2a54521226d32d34b916f82847a5bab861e49c556eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
17KB

MD5
448c34a56d699c29117adc64c43affeb

SHA1
ca35b697d99cae4d1b60f2d60fcd37771987eb07

SHA256
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

SHA512
3811804f56ec3c82f0bef35de0a9250e546a1e357fb59e2784f610d638fec355a27b480e3f796243c0e3d3743be3eadda8f9064c2b5b49577e16b7e40efcdb83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
28KB

MD5
83360b802f5abbf01695bdd9abcd7d71

SHA1
24babfa4e0b5132eb8967861242dc1612bd562a5

SHA256
0bfff75ce86f544f566c684da0b0ede97af5de6d6bdb068818f3c533a5ac1c4c

SHA512
e79a1071d73d8a997f97e310a31b0d2112b1b8757d62c80a9ca7110a817111fda39fac991febb27e19e021545fb779eaa13f24c3a616752aba9ae69d53634e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
175KB

MD5
24b4acc557228d250778437ea9b7817c

SHA1
2d2c65fe0d93a0ada1df4a20d26b950831bff02b

SHA256
0fba12d1cddc5f43f391ca5fa289e47d61fff34adc379581f87fe4388a04b8a7

SHA512
0135a1e973006094e1f51d958e5fa306f33209257850fad177696b3e41b2215d046eca8a59ec383a3589682b8fb28b51bc464df10353058074fe37c83d1deecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
1024KB

MD5
66564997fc11c2ea9d795bff324e1681

SHA1
e9bebf8d9aef7712e0d4994dc8f958be7d9216bf

SHA256
449758bf4d051e652f04045422b76ec11057fa277db87a285dcbe5bf28602af2

SHA512
159c690db900545df9c309a2186c54b678c51ea65af861c1028eec9581905e565452da712d1b7407527c428c4700e76dc04d102bf587fff1510b11eacd936ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
984KB

MD5
a90e5bb86f738eef91d3103cc71f50ff

SHA1
59729472d1a2e354117defc91284062dd8da9e29

SHA256
6c1ec5b91e8a21437adc3112152545ddfa9bbb3a4979d1ed3b2f2da5ae73c9ae

SHA512
48fc38d8b152245755dc38ca48f01ac1ad2b9aa0e204e4f3377ddd9a2fe5dcbe461f5538f78b03c406ef623fe4067b2111d309948c89ec144eb2f4a88a660b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
41KB

MD5
9a25111c0e90867c7b8f41c5462abfaf

SHA1
0619625d479f31cf145c2e3714de0df4a69169d1

SHA256
41bb42020f1beabc9e72913ef6a33aa264556ec829ac70fd92c9c9adfb84803d

SHA512
0fbc3c64d6f5acc2c0dab67924b0c669fefa994f449240d1f6b78dcac3538343938a4fae972726156189f05806d3aae0e333035df52605ffe28886b82f31ccdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d47e5bec0aaceacf0374220210390e0c

SHA1
7a4043dff12adfe7697b9ea6994ab7315f909d74

SHA256
a2e9ea0b22245891e4cf67c2960d20e6aefa018d17f3741c8e7b9b40c9ae497e

SHA512
fb3fcfb93b901e048dcae8d603a375eafc89a99b7a02d1521ff4976dd9b6fee7cb60477ad5e2bd3e227d207d8d43a2f7d09c1ae14c0745be219b4506c5035591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
60ad3e7543461c5c04aa3ad456284662

SHA1
efd4ab4046407377fb0f0a1c4083e6e9d6b2fd0d

SHA256
b254dfdac37d4336fa5615542a6ed1f25f04351ec395940c3a1376d22e7122d4

SHA512
ad094b7c15bbb56d47196a1fbba199683c53dc8fa1ea11e210d1c4394c1edf2a44f8209e93d96444ed037f232a22cac09982e288dedc2cc86b64e2c19e52d894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
0347741add0ec7ec610abff3e749df9a

SHA1
ef0ffb57df06b2ae6dc8a53546a961537832ce55

SHA256
55990972b017586af6888d011088466e912451d91a300aa7fd519e26e6a749d3

SHA512
cc980c110058e4fb453f577f527e67270ae02ecb131f7c1849be51739c91df0f0054d65e7ca9ae9b4a2a3bcb668cf00802626484062b0bc681b0cc407e87a184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2c94a933e0f7d822a795d6e3fb41a22

SHA1
7ebe12aee9b89618ab6e0992c8c1c2a7835893af

SHA256
6c1887c03fe38b3a0460e0434b17aebcfd0f8c69d75dcfb61cb43ec8200534ee

SHA512
6dcde4856f3a52bc472511c617d74f512dd4f62d7c74faeb3688a4b57150621ce8c429e695ca337f91d8a91282f702468513c8d615ccf87431a32ca58a1df4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51dbb898378a5eaff00fbf28f6c55a29

SHA1
eebacf2489ed41a096d8ad71004fd6c7afd2ff89

SHA256
115cb0d9e9677fdab01d7ddbc5a7993154eb141332763ed7a990a2ba49efdd2f

SHA512
30b2ae2d2d7ed1aa9be36e813cc5e7973a666b63275a1b73039caaa0642bd5ddeb40187a57e75a8eb5af63145fde3ff2feecdd3541bfc1669db67039b43d5982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f03b9baaaeed1e15850f59084d809ad4

SHA1
c553f4dc9af1e316e5635ab4cb700e91eac258c3

SHA256
0db7ac324f5d047f2904ac8fc8a32875b37d388549c685342dbd2d52a5183088

SHA512
572483a896a38a648f86589af43ee5bd5cff2c6212e33b4d60437b657183b55fa224f330a71e925158853a772455ad25e19210e28d47ff49353ec6bd5f1fd4a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0da69787c545ce474012f846ac06be4f

SHA1
88ba01852642284092c8aaebc8522fdf38e2e4c8

SHA256
1862026d998ba9018510fa3d17326af15d40587d68a3bc4f593571e04d62106c

SHA512
59e44afec27764fe24f0f99a98b73311c06458c8e57e421e5ca1dfb572e2774be68531e4404fb21c3700c0217cc5dc11e1643105d1a5f3d06c236de4aeb8342d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e33ccf30b2cbcf2ad68045eeadac4f6a

SHA1
04eb9e5f783190e39df18a2c190621a951999e86

SHA256
a33cb58649658d4d4d0a21a89fab81407014173fbe4e6adca89c84b860d5bd0d

SHA512
048459c4e0ba55fca39753a69803bddbadb6de8e79c7a85e24317685eb49c67c3ceb32d01e71c95cd86e56fbd03d1f3023115f6063928cef2dc46ddc62c2b7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f11f4a54317d0a019dbdc2d465d1d8df

SHA1
7a2f91ec85aa2c7b3f64c59ac5e419efb462ebf4

SHA256
1606e9dc2f85f903ce1277da08598f32d5c9452545b2c9916ebe58f49de73a98

SHA512
f9371b890761e6bfcf005634e82e9febd2ed06d0e6754ac4063aff95d088097252cdf243deb5baf940e1205512b96d44995dc397001cbf2f99df1c83fb35f183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4e71fac47f11ebd8f1cee8ce33d60ef7

SHA1
18ad191e1465641d04e2aab1fd84a3528c1c180e

SHA256
d3f2375cb0a72b1a111fcf3b9c5f05bd14eed6723525bba2b7e0cab75d0dceab

SHA512
e0f4edf0a7c254870f35b2164325da014e742ddc1400b629a785f8d53e8652ccb363892fa0f638149602b09d1d66c71121a0f2dc787edb79d41454aa4779fca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
09b7c8e49259720ff562d06f899a480f

SHA1
0d31f5bc9660d3d69fa6c520d2cea6d3c1b6b129

SHA256
ad3cae2c7620f27d121123541fbc311c493f7d76fd8c4a6b10d5aeb415ae1e76

SHA512
427ee88b66610493b87e06bfebfd37cdf6334e984fd80e5bd8b404bd4154bdd42760382eeba3e049b605d3b07073c7dc2f30cdbf2fae2a8cc108c0f83ab9c565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2e1996abae58376191f99e9f5ee3973b

SHA1
0d39e4988c0cd02f42a1f9c7b3665eaafa405daa

SHA256
3d21cff3f617a12a22804ce0aced25b61f07d922ef8a531fd2eeae4dd7d8ca5e

SHA512
ebff9f4d8a5e56b4a79b6ffe876729b925636f9d38912e1790af12387c4abac3b21d94cbd73b0573e8c24960814d04220d5affc9e5c17fba1444ebf5a9308100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b1ac0ac2ea46ec03f9b41f17756a444a

SHA1
a54dfa9b3246588ba36d11d50adc21a6286853fa

SHA256
a148e81ff067a898eed7111dd5263b328f5f95999030d987099274a987b9e295

SHA512
811a0f2ca9b9cd82e21a4d3d95f8b957e49075b07342877dbab169427a0409ad0e14c403757caa2e879b2fb03d5e41a1609bd4e3e174b5eee3c557d1bea72ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f3d6.TMP

Filesize
1KB

MD5
926d56eb9d914ac518026ee432624691

SHA1
58b4f465595e8c40a3c75e02d4ccdd06fc7a3610

SHA256
059eabb858194985003bb295d9ee643c3a142d8d487be3a35c46fd84696590f6

SHA512
0c303c805569a747ec3689af587ba01d2b42c22eeffb72414b900a7aa910b629ece06d75c5a9f4ee7c4ca922f57a741bced663b75e3561281279570a2e50651a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8538a2962064af761f05281d41572bc2

SHA1
180ace27c06bfa954b1e9932c83db84a73f4e643

SHA256
00fbf2cf5fa01b600de860238a73a50b681eb5fafb4c7f8a5f42cc97f80e090d

SHA512
1742f2b0e2bc824b6a7f3bb31308e1cd43cf04addea690147c138f1583dd8df64e21baf3c49a3e69ad3f428397c32793ed37d7c1db163317d3e68e5366e40b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cd66fd1ed9b7f6afbed37c9fc08a52ec

SHA1
e02b536d2f86500c4faa6c29b9d1c6541c40799a

SHA256
bd66e511558199cab78ebf452eec664288ea76ddb02dde3922bf0057c7ea3d46

SHA512
361b0578878e0e4cb551caf7488ece2732d0d3eb71dc5676fab563bbbf13f2c202256ddaadc72bbebae9ecb9593f3dba49591e2e3959d9f3d3b22f9106fee941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f301653dcbfe26aac32e80996151df17

SHA1
ce1bbb4bb4dc28d3245c55ba1176047a47ce7f9f

SHA256
46ba1a6266046e806bbd51ad81ff4a742e01b726c112b14610d5047bef443c0e

SHA512
99482caf3b612fa5d7a64c6ea980aa54b2767e4c065e2860f1d754406346a483ce6724073a66c8aba2447302cf653d590c50c91f1c860df7fa12653941172f1d

Download Submit