hxxps://www[.]mediafire[.]com/file/7yxadugcuiqhdb9/VOSSANOVA[.]txt/file

Analysis

max time kernel
211s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-10-2024 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/7yxadugcuiqhdb9/VOSSANOVA.txt/file

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
708	discord.com
272	pastebin.com
273	pastebin.com
274	pastebin.com
706	discord.com
707	discord.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133726009154519407"	chrome.exe

Modifies registry class 53 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000b52a8368d7e4da01c820e75bdde4da01f3f3e1d21817db0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{83959543-892A-460A-8256-698070F72D96}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5588	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
3244	msedge.exe
3244	msedge.exe
1260	identity_helper.exe
1260	identity_helper.exe
4408	msedge.exe
4408	msedge.exe
5812	msedge.exe
5812	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
6680	chrome.exe
6680	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4524	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 63 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: 33	5396	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5396	AUDIODG.EXE
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe
Token: SeShutdownPrivilege	6680	chrome.exe
Token: SeCreatePagefilePrivilege	6680	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe
6680	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4524	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 2360	3244	msedge.exe	82
PID 3244 wrote to memory of 2360	3244	msedge.exe	82
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 1412	3244	msedge.exe	83
PID 3244 wrote to memory of 4488	3244	msedge.exe	84
PID 3244 wrote to memory of 4488	3244	msedge.exe	84
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85
PID 3244 wrote to memory of 4532	3244	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/7yxadugcuiqhdb9/VOSSANOVA.txt/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc103f46f8,0x7ffc103f4708,0x7ffc103f4718
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6816 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8432 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9356 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9928 /prefetch:1
  2⤵
  PID:6608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9004 /prefetch:1
  2⤵
  PID:6272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
  2⤵
  PID:6288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9032 /prefetch:8
  2⤵
  PID:6308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1
  2⤵
  PID:6716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:7160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16742541333911798005,16638278331151749575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:3876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1172

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3436

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\VOSSANOVA.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc109ecc40,0x7ffc109ecc4c,0x7ffc109ecc58
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:6496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:6572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3320,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3692,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4912,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5024,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:2524
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff627534698,0x7ff6275346a4,0x7ff6275346b0
    3⤵
    - Drops file in Program Files directory
    PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5152,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3156,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3328,i,8214496365940044270,13362904404604016934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4524

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\50986323-ab14-4430-a1ef-e4dcd848a61b.tmp

Filesize
9KB

MD5
4d1f07d630888afb3b59577854af1b19

SHA1
ea5660bd299f099e448725a5a568151dcb9611db

SHA256
69e1eea80c720af1a1429a527b25e1f07b4057800eed187afee35deea02c6867

SHA512
6fd9fe9b796a339f931b83a88f0bd38468b26511140c321c67d8a3af33cd6ed3d54eb53398f67dc44b7159e2d84fccdfffef5fd1d93e060d529f6e5e017a0e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dad789d345a03a9d8315feef3410e246

SHA1
037bd6e0ef19b9938df0c61b03b471868d8d3bad

SHA256
3a3fd2d0763ce883271a78a43f0ec97895b501f0497dcab7c46af328bd2099ff

SHA512
16719a7eece3329e4e231fd7c4f2e9fe7341c3a1cdba4f616eee5227762c4d5f42591eac42be230fb7ca57678d71a4463e7e959ed4f6c817ff08c89d38f5cdc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
890b94aa136b3c7b284a6447acce52f7

SHA1
bb90029cc584fa6ddcf9fa3681180408767265f2

SHA256
d83131db6d79a2dc0d077f68d40919d2cc1e7d24c1bc6149966e3d8d6c4b4dd8

SHA512
11fe704e534415b5ee96edaa236b9006c19403ebb38072d57ff3f6a3313943f406ee60efd6c863a529e93c18d2c75e4d1640a6f254747fe74f417a43d62d548f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1cdce43eca7ad5c9ce35b35f90d92103

SHA1
d5e2ddd90815e7d8dc99a0c3597592f463a1be9d

SHA256
4b8172f7b73e9df189cff0fd973a6a065edf987d1bc2d2c7831e97ce8ed8daf6

SHA512
290ba14150c3e4936408be0e5d34e65dcf4c216110f95466f410f805c2d0a21bc250e174c9c94578a1b52e28a94f273f771c8ba2a7ba55e215d07247d61adcce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22d2e2a9653b2ea5bbf8c4bcf0d3f3c5

SHA1
d37d352473365199e221c463a5969bab87fe63af

SHA256
31704161cf43db74a552ecfe78095cfc3f3558ed57bb6ba6b4df26a1d2cdab4d

SHA512
eb2a4608e3a08b48b264bfe2f6422ae5c659ef80ae2986e85bfc9aa71740954678e283430662244072401a95ef0d3f7b29cf0dc631375eb8a284694ff5127e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bab5c80a3b935869fd2765dc6d350527

SHA1
3ae7e435cc81c06d94ef5ff2ff694afad1791514

SHA256
8c6a846a62fdcd756cabca7810652660d3c3062beb9aba2466321d3d62cb4d94

SHA512
3a49bb3b699ba4df3279073e156944c45c6376aa39c3757dbb7d7c3cde57ea4af8ee6ce85f6f3378c6532aa4862c976fa3bb1592aaa915bea022c2f7a62ab89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
15ac04f0a5e6adfaefb54bbcbfae7d1d

SHA1
87a7af928a4771341ea1aa5a511e64ef0206e4d6

SHA256
5d5b104452f396b0812b3efb7040abc557b729afd4184e80304670086d526cb4

SHA512
9c90028364c5dde17869773c7314cd38857fbba5bb188a8f0b7a6f37c6100f4edf60cd2494af5ad15315e4bb13b6a2d8647a2d99fdaf973046aa6d510b8be3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
22KB

MD5
47edefe61b20751d8a4627be8bc0497a

SHA1
eea6ffd2e1f1b6e87fbbab83f5b2fd5cc81b79ba

SHA256
6bcaa27876393730459362c0f92a79075ee80c40d33d6353eca96aa63f5ebfef

SHA512
f011bed709b4be284a21ffbb4f9e294aa394492176d06c5d1cd95a67e9e43e88dc35382148dce01814a73cf295af54ddc647dde2d566f2aad675a4a4e8fb2cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
23KB

MD5
e569b5f6f14852ff50ff8b6020799f68

SHA1
17cdeb1d710c8011cfe932c31bfe0913373f39ff

SHA256
9ffec84a0d845309dd4c4b19fc797375f97ecf0773729cd12c7eaafae877e384

SHA512
2a41d1f2af7c1fd30e9370f37d1807bece58d11d3e33b9325e13062f9a3bc3b73ff47729a0a09936d40fc91f8af09f37447a20cffb3ff4b144eb7b42f63cd820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
98KB

MD5
d4e313f9d662779286a02ce8f7c92511

SHA1
e66870a8062f9e4fa88fcb057841ce9a9bd3709e

SHA256
337e5b1f9407e1a2a66b946f3d548a1784896d5927a742072a1d495665ce6823

SHA512
84afe30347aa09f29b09fbef0f10f1dd223d337ee16a33bcc23920b055a1c386df26438ee78e8fa0f15e92493b4546476b18fe8d78bfdebbb5ed97fd16877c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
143KB

MD5
74336024f79fa3648d2481e401e3defd

SHA1
720668b0aea072c7d66022f22398af19ff09ef9e

SHA256
489d106911addbfa4ffbba244c67dfc4ca1ace333cbcf0b355bd8ce2e0ebb7d6

SHA512
cd2a648b17ae2253968e7e6e6638d25b1fccf40800ca6f16cec232cfa01297aaa547b630f81a26d8978ab71f54e8006a14c6a01b113b01a800a83777060da0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
32KB

MD5
52126b934ed82f68aae3485161f580af

SHA1
28a2aa934b2c6d89b9d7761ae68dedf196c177a2

SHA256
28c7905952a433ed4f7e6d1653f3f1805789f2e6a915a814fde0134c47f96ec3

SHA512
84c9a5ae74c2c7531e8f3553607ea26fd4f8c6c28ebdb74410a19cfdafa5f2ea8d1cb92b0fb42bacd2d8102a07bf8368610ed9b1aef0713983348d61e5c2e184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
25KB

MD5
03b508e96f16f8ff5c8e5e7447dc7e7c

SHA1
c599009c8df338eec24f540deccdc5bfb705b05a

SHA256
fe5d9219830770f0954871cec1332c0072ae5b998c35f58c0ebea87d334be7f7

SHA512
7bcaca33eda97bcf0da17c8f23289aa5e6170d35780f6992daae8a63ab4a297e92ff3ef4562bd14af4a98b5ae23935a0942b387951a47082c0650332bd73eac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
17KB

MD5
3d0974c4ed8fdaeaab1ff8dd818f6026

SHA1
8a55726df6ccab1eccd6cf550e6f752c89b7c5cd

SHA256
381decd07a498ecac07f2523b29aa7d997090b39ecafab21a246f33748b60ffe

SHA512
5fb61ce9dc50d1b958cf5115c8f17c0c5c70113232ac2c4f18d4a231e6d80d4908696f3cfded1951ab43165662a8dd96f6f7547c60a3fb0c4733cce87e947ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
149KB

MD5
99e35b3b58efd89d0322af8bbcb87178

SHA1
dc72968c535925c4cc809c40cb96acaeca460dad

SHA256
5e0ad4e28e5d5123002dd3bc76a20528aeb619f5d0cfbe6c59e0212a09b53187

SHA512
e8ff05054a7a0b3271ed342ae98ba505bde3a140a6131c757641f73281b85cf50f617744511ba7e4c90518bcb83e44f00963109b705a038c68603627c0e925a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
166KB

MD5
a9195b5a782dc539c15d48d39c62f5e1

SHA1
c7cd77637e0a38d841bf1bbbf8e6dde670b3fc6e

SHA256
00de6173aa1b42f0347e5b427b5a0d929558e08d48da3aaf80c06cd0df06f1e1

SHA512
8f42bf0a11ad0307420087d1df9a6ee493f98a671630e74d7649be5bed09d968f17ee5b7345d59a6f6c3def9098473aac89ecfeee37bf05603dd07db5ef919f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
20KB

MD5
74d08f3e49a4210f66236f4e84564a65

SHA1
fc5232cdcc3689d1f26ddf1fd9a0d567b8cd4bea

SHA256
f224b59ba25e458e2dfabb559d1e338019bb0f82139768561b03e42d7ebce7e9

SHA512
ac233a8d6a6b0a2894c89b33b7c159acb1084a06d1c8956a337e1c235c74f635b42cf95bbe723b2359b3b8fb09980dbe17f11e46f777749883af78cf5885f175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
27KB

MD5
f9f5c08532746eb8dbb651c04f4377bf

SHA1
0ed6b5e1348becd4ca048e482ed6dc6583ecfcb6

SHA256
6c0fd820c15009c6fcc97301ccd217d783e43a8e5425b6d91f43fce3b95f3bcf

SHA512
43b78872700d9287bc6efc4d339fbfe022659cd8af69d4c40ab529ce5114fa3882e44d28d60e24bb8080c4d99cf110b9819ecfa758e2986aeff0fa4562f3a62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
76848294318bb6a11c1f9af78fbaf006

SHA1
e0627c2a7bbb6f9c9da47856de96b82b729107c3

SHA256
043927216f3e0a69e75171c396c5c84deec87ae5203c63f8841287a3cb73fc25

SHA512
28f727437ccb2733526d8a9eba0ac4564ddc0aea3238d16b6bdf6cb327e552da7ad9af84ac1a67057ef7bd7c07b07c07b61d445067de2cd903867fd16e017bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9ea22a3e502d64f6c00b56f98a7d2ab4

SHA1
0929bf88870e29eba49aa8893f1cddd4863ce6de

SHA256
fc39f8ce2bce8c6271086b83a4286228736887af1a4d69d7ecfa156ece9999df

SHA512
9f5a158cdc0aaf109065b7d23b2ceab755c7225b313ea3c116a2cc890da73a663b7dbe28db47dffad489163a9c42d52efcf01d2ffeef46095f96397c1cd9e5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9e767d8bdc5fcdd97dcef1a8822597ec

SHA1
9c18801ea69edf41ada32fde72c0fcf51263cfa6

SHA256
04fce211493f0e5120fabfe4c4b780fcc444b32fdd125cc4677df86338241a0f

SHA512
abf03d68fede600e893b57933f42c02ee390352b2e72850f37d18a96e252ee5e9eff567266c6285f0b9e66428131b1f72dae679d80cc01d68d9358bfae50a43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
c4ed51c5220f5c231164b1ece65cd8ed

SHA1
928e852bfe88b88ab42d822d9471473fe54e445f

SHA256
252762e189f713ee82eae279fc35684f0dfef2e4dd4dec4c0281222e9523ff2b

SHA512
262e50be257492f2029d2def8c4e56604090c26271a14da573ede7610b5a23e69fc49ef7fa14816b70cce02d13d121b8e4349c302c59fd023565ecf266928893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
b1289c9d1111f205a6561c8d47f5c7f9

SHA1
93a28e83f0f21afbbd6be0ea3a188292ff0b315b

SHA256
8c98a3b6dbee9fab4b288614b691a13f0a50f730984071c2acb038f2273a83fe

SHA512
49f8d3f9220aa6355c7ae77cc53a96d076b8b2e1ebf8bbebfcbce670749f06f052cf5a454b66b4e1be7403a7659580202cbf4007237cfbca3ebdb15b81155279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
492b6eb2ea2c2e2cb479270c919d9ed1

SHA1
b321ffd5ef9c04f1f7d68d41624079eacab17533

SHA256
cabf04d9cbcbe460339f349af303f0c6c09005a34314bb357f95334852aedd14

SHA512
5a208d8265b5a7420b0d5a850d13d5a316c79dbc91b93fe2cca134bee19012452a8f9a6580e68af6812926e13087879525bc7d5ca79d8783f3309538c4976601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
a7253bc13786335e5b3589ad9dfe2e0f

SHA1
6892f6ed22b4098087339cadd3dd9a7e496d5665

SHA256
929e04c7a590beace4f13ef340e17d3ecf41f1e4213bfbd7bae3dbaa152c8738

SHA512
54823c99c075c04f8dafebf3870417908fd1c6df72e3c81a370c6e77adf6c9841a0622601901ae3f55d336ae0241f836b833eb82d6269b77097d608a447916fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6ebaadeae0a4b8e51c4eb8af45f6c6b8

SHA1
21fb6174ce806c0f513696b85608fbeff8a21a99

SHA256
cfcff6712e1a849efe0c9173be8b9fce46b43e6fbe02a3059184d91135451948

SHA512
ed3a22923a187955e0a2d484ba18f1e2ab76a195721c758a3bedb82b4e2846ebbf00fb91bd18e1f1a25ac2a159e7587c11ca7544012251c74b6ecfcfc8fc640c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8c5cfaab8ed836df189e5fcd3970af1d

SHA1
d2c0a69f85fe13e72cdd095b93a529d236dc966e

SHA256
81ab0f2c69dae01ea573e63d89d68b5eb624bbc7e2fe1e920eef8f3a51f1f606

SHA512
b0acef27c0dead50cff89d03562c3995a9d5330d4cc235937db0e8839f4a43dab13dbb97e090b2fa5a01e86806fa78a1fd5f786314d9a424756e309b8268ae6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
1e8e073d54073cc99d985d68a1509d8b

SHA1
5dc425bd0dc9cdcaa9e7b9fca848ab56d0c512aa

SHA256
faae4872a5fcaba012a2a07b3af66792ff40985215e5935c76f9c9fe2d8c5a03

SHA512
e6ef331c828c1f337cc9d224da84184800172444cf04b29b2cfb451dd5269f8d810b6783e1acdddac93aed2789ff662f5bfab1ec674d7b24215f5a1e6371298b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
f155ad4a9b8e1e7c32973556253082a4

SHA1
d8e62c01c85642adfb1d450a9ff637bde7d18aa7

SHA256
fb916c2dd2132da3bd1e057c6997ee9d580ba416e65aff773c4eadeb68a718ee

SHA512
2c51610246ca0a72b2bfa69496797b54321ffd36964bb4be050f8df6d264646c2b5da12705ec4d3a44f5cd016318a7b52e25e5a84308a92989f394db2ec73d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
1c624ece52aca45ab81a3eb1cf4632b3

SHA1
853d62fc0acad0515f1479b26e0eecc96f8c27c5

SHA256
401977ad32f85d977576b924563121251be364c727f6089c2848e15c1a45ec1b

SHA512
a11f5e70a112b548e27c13a8e021c68143c2bd400e02b9405f6f6a76de220013a6ccf0c506256abd093308822897d29d3d1993a0819a77f92e733b10d7a04205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
1de7e9f8334778ca5b77d28472e5d78f

SHA1
22b2da57befaa05ce0387ec38a6d3f91e1e28958

SHA256
361cfb718640e5e89c26f84eba388a3f38db3ae7de0581e4da36b866c247a9f3

SHA512
f8845a7f3be41632d741386af3f16d1454cbcd18d1f8030c2aa903e97588630143aa0deee7218f7689e95da141512ce1345d77bb87c7cf6af23c9f251eff71f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
033b71ec6298934fb2389dba8c3afe9c

SHA1
6845ba9a8dfe0faebce5b949219053c98543dc5c

SHA256
03799f88d3dcc7c97ee44918b915d2c42a9082a3bad215c1555c154100373070

SHA512
3902e5d87ffa47dc4f86c3c5ad5e151dfcf033456c33a2081415a5d62890edfe7cc432fdaa9d4cd2d044a10044cb836763b690b2ada19216fcfa6a9bcc6f7abe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
111219fb338a9ac8633b0b7509a1a492

SHA1
c6c26c3079d931fc2b77fb8e127d0ca70361e8a0

SHA256
159e3113dfed39f38c76d37c478e41cd027b467ac115f6b31056a5b75b8c8834

SHA512
50e9bcb373ca9bb50ec4cdc77464dc2f17d1c20a1ef89bcd456ab9c9934af65f19c01741dcd6aa64827f52e6273531fdc6d635d374378909ff95881975fb5f44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
88e5740a07e5c5634bd46763e17a872b

SHA1
c99e8883f643cbd7f0a8d3360e15be5d7fb5e783

SHA256
1e6200c9a0364549eb07799dbbae3c103a2b0422c20608174d5e0c8f98efb041

SHA512
27dcebf3a3f887492dcf5dd33b1f9d12a4cf700e3b47ce8626b5ef0103c1290078f439e302238e66173ec3945143fdad2dd8c50472235e1305326ca6a36b7de0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
27a00d4bf420c2eeeb1dcb32e74c296b

SHA1
03131daa3d89571335589f8326bdc0e67cd9f808

SHA256
b046a1ef8fc4d28bc468db37367615106de5179a06638eda27868e2ec4779539

SHA512
d66505e07ffbd6c6568a08f55ffbee98a74a630dc0810b56484e4f2670d2cb3728c039975d9e5f0c544eb22dcfa744335063352e7eb10399aeeae9fda8c03f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b184956225b05150fd0bf68bf567cddf

SHA1
4c20ae6427fff9c812102dbc2ee14ee388c1a9cd

SHA256
168fb5ce1740d45eb866e031d7abc5230e4220a5126dad7ac967c27d1e5f107f

SHA512
1f3e17cb49565bc0bd15af4e37341d2aa8d103e5d152c19ed8bdfdb260d42cfc4551f494bf0f8def4129e845dc9bc354eaeb0baefedb5873e7dc8d7064175f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
f8f11f6d75e6c78e59d15a594b090807

SHA1
1d7fc7e8b24bdcd91bcca42872e8597e4c445fc1

SHA256
33ac9c4c4fbd44aff8a99ddcf79f5e26c835ee7b6ecfc0b494d32bb14c6d62bd

SHA512
49f6258c1c48bdc9605512393d4672b0e69f5f7f494065851b99e2e83ccb5bff4bea0f6823d479608facc524867793f7df938baa80803b4ea683d573e65c77c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
bf95f269e3788cb43bc7f8fcd568160f

SHA1
8f3ee0caa774f3c390d98c1e3f6f3ba3a755cf88

SHA256
d42be660a3c83843706d01b7076b3e1542e094a60f60cd46462acdefd4f51699

SHA512
25b6efefa171747eb1eddebdab7686dd3aebb430fb2f0dade49e102bfc6bb16407cee544fc0175bc7f4bfe64cb57b8289a98f15d04dd09ad37696a130e5e932d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
0083c768be363aec60f700d1498130e9

SHA1
c0ed680cbfeb94b7d7741e7eb3e7c2debced52cd

SHA256
428172617dcdd3dc449bde13e58ff459363c5123b94b4e2b3709f8ecceb65062

SHA512
0ab951affd84ca616b2c4dfec95f2e8ee6de70af97013162b21b07c097e055ec8294961fff2065930488aa06945ee7d947726128966fac38fe2ed45d8aea894e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4b385a9481e642ca44cd4b3647a8b557

SHA1
f6b0e3cbca7cf7bfb76e833fad679829b4d9afd0

SHA256
bf3b029325e9af914dc347bd81d86ee9497597d6db788cd0236ca6d3c48da5c9

SHA512
ddf2acb6d45514085fdb2d315b64b4b105f942439dc8368ea763fd0bcc9df317f3c24f268177a369429bbe86249889c45761d515e812de19691806bc8da07e66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
571e720b96db04d8546520b40693d6b4

SHA1
fa640a0d053a8a4607227961dbdd987e6dcfce76

SHA256
cdaa72c7b6eb5e80f4b5f5c47995923df2435c84ff35aab1fd5fe7dc9ee7c839

SHA512
f6353799585ff8d8fb3a7e61b43846707831798e56495a737e437b1853d5b80cd27f8746c20ed58d11717415f1fa4f2cd5f2fda46848fe3d9cf517f6e2b71f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
5b75526eee707d5759038daf498c6fe1

SHA1
279b4ad2ab8465958c0243c2dd99a2de355ee19a

SHA256
a18e7b94ab57ec17eb9d3529513bfa54ec8093331d8d4a4563888267ade830f6

SHA512
378fe2338ef328a70859a29b473eeee86f80f1d610069a615a197cb14126e8e19a8fe1e320098944ddc1e858fba0a99e771605e552aff99696f7bb739b93032a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d486.TMP

Filesize
2KB

MD5
337d88bfdf4249c97d66e4d5c0803ccf

SHA1
777cfed681d46778922dbce3529acddaeb1bf8f8

SHA256
1f04b118faa613098fb50708b6f5b35c6d7ed2cfb80c38e5cc91e5733dfcc5e1

SHA512
f206da4d524e7e61db42e3df393a2e5c05c89cc38459c76c9743969775b7b9d3efff2bee5cf2f069b88e6df8f0832227b2714c8a02c2fc36e865c8e2218330cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9189a06bd354f5f26b02d8574c39ac4e

SHA1
94682c1e9753a08b2f9e281a79f975977edf82c3

SHA256
9658b4307ddacfe1b057fad8f512ad6b458149dd283efcc2a81247541848316f

SHA512
b926c245fc05bc157ec4783ddc99f1b03f090a65b6e90cd5c84355091bbcf0eace747a33b3359ea98affdc7bc589f6b3ce49769db7774ee6afaf250bca249801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
86d11808fa60241cacccd1ac9618946c

SHA1
c3a1b3bf7561e473adc47c0351c5a1a41e766e20

SHA256
80a34153872a226c1d9a31fdd653c9d7d0456286fc9cea1014d92ed924007d8b

SHA512
3ad99f8fa94669754fb9dac9608ac4bbe75facba318291accf443e5ad5d4ae05afeb0abaef3972ffe4bedc41834d07fe83f4cafb17e9e9b85dc81dcfac811aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
258ca1aa2d0dc0e4a62185379f325953

SHA1
b21208cc95e8bedff7031b036042f50ac657097e

SHA256
a51d98088297056f6ee045b7906e58db9333d82c06f76c8e25b70b5b89e1e962

SHA512
0b09ba267ae11a8cc09ed83f0fa6cda60004ed7ad00ba166f75db1e52ed00d4832a4f7dfe8f7eed035e3d8a373a5c3d7e879d21777d074e8ddb5c0efc7dbf8ac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\VOSSANOVA.txt

Filesize
2KB

MD5
1b33047554960647661032cabd1abeab

SHA1
bdc201d4fb325b67c68be4ce6ffdd0d99c685aab

SHA256
54159628ca642f87e32f8b3bfec63395ec70e61c8f6eb628635673406ca750f7

SHA512
2ed201100f843b4ff81cdc9d06c02c2462891f4adb5fc467acb8e51fe82440c6b6a06f398e1ae40a075867238b4db69d8909d2ac0077b1b822a8f6417ead8ff7

Download Submit