hxxps://cheater[.]fun/red-dead-redemption-2-hacks/

Resubmissions

12/02/2024, 21:25

240212-z9z3esea97 1

12/02/2024, 21:22

240212-z8dg2aea72 1

Analysis

max time kernel
299s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cheater.fun/red-dead-redemption-2-hacks/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522469324067674"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1232405761-1209240240-3206092754-1000\{78B65FED-7FE2-401D-88D6-7D7230B205F5}	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
4488	msedge.exe
4488	msedge.exe
2156	identity_helper.exe
2156	identity_helper.exe
916	msedge.exe
916	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5996	chrome.exe
5996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 2524	4488	msedge.exe	69
PID 4488 wrote to memory of 2524	4488	msedge.exe	69
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 668	4488	msedge.exe	90
PID 4488 wrote to memory of 3108	4488	msedge.exe	88
PID 4488 wrote to memory of 3108	4488	msedge.exe	88
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89
PID 4488 wrote to memory of 3432	4488	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cheater.fun/red-dead-redemption-2-hacks/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa29c146f8,0x7ffa29c14708,0x7ffa29c14718
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12450081961170556452,9469186875085964568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa2a009758,0x7ffa2a009768,0x7ffa2a009778
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1928,i,12474011046861366044,7904609392988618505,131072 /prefetch:2
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1928,i,12474011046861366044,7904609392988618505,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1928,i,12474011046861366044,7904609392988618505,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1928,i,12474011046861366044,7904609392988618505,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1928,i,12474011046861366044,7904609392988618505,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1928,i,12474011046861366044,7904609392988618505,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1928,i,12474011046861366044,7904609392988618505,131072 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1928,i,12474011046861366044,7904609392988618505,131072 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5160 --field-trial-handle=1928,i,12474011046861366044,7904609392988618505,131072 /prefetch:8
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5576 --field-trial-handle=1928,i,12474011046861366044,7904609392988618505,131072 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4640 --field-trial-handle=1928,i,12474011046861366044,7904609392988618505,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
a418064251905565e2fb385b75e62215

SHA1
65dd9b0bd69abe98c0b5ca583704b81e1c3057c2

SHA256
e4cc53041278a9a3b755059902bd8bf42dd48a5fb91d72232b7bde0f67e6df0d

SHA512
73b5965ed7ce1899b36826333befa0396c8bbaec1dc3e24001bb4609d2c389ef9ac94f18f753e8ff33281d9ee931c33b33f58b8499e0cba5a2468f8d96ea176d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f37136ee5b7bb9d982747bd07d669351

SHA1
7d8f9a01136285cea9a78dae5d7487d7c59cc686

SHA256
6cba3d99bb06ca174c5dd3bdbb9bb80f501616850642daae5e06e334aaef1e30

SHA512
d43f6ffaca32768c3c74420bb1b0c62a65d06a1ddc4e343764774060e46579c26ce401d861aa8944fe0d8f5982159fd90ec04880a335a25e2e2d845b2e61ba7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
29b9c29ec6a80334e65adde4c89e69f0

SHA1
bfa7a8afee7e5e0ea14238952f05273a27b6f115

SHA256
954e4820140132f1a15ec9aac68c8e630f824e790d1d2c05c248bafc30f5c03d

SHA512
87f5d347b5a67e853f2f3534c8ce7e036c3bc8fcc8d63adb4a2dc20b973ee5c839e606188da83cf919135768c55d25186a32d45a82c58dc85d1aab7dfaa71103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4707edd4907f387b71849c70385587e2

SHA1
12986e75582a2563af230f57234baf9725c386ce

SHA256
f198f95bc6e3b8a62a5045ed545cfd0cebe2954933617cc6c6af053a79b45885

SHA512
a0edf060484b6ecd396ac6934cfb88f76fcdbbc3c70adaf1b6222229c3321ca3e3c93a69c88885095ef33bb8a3799fd54e1977c3561191a60db53093a0d82bbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
7c3844ff05608db61485d1473b6fa0dd

SHA1
65307235c5f7994c13ed43531a99dbbf12f1aed8

SHA256
02a148faa436d0b807b6df27cdc0b3e4620aad36487cc3be69be7fbc38204cc2

SHA512
29c975ce496f6dd698c074858fa473d93c62c229f3140a235cfe0b9440f39730f8552728a94c1b841d23271746a8458d2cad975783a5ffb9c1ff883ad419196b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
90f000e2d80aa9a7eba73a910f67439a

SHA1
4ba7e9ef14900a513bac7e7755d024deb595eed4

SHA256
eaa669955d5aa194584752c444b141eddf8571a5ea547493a4b11ae323cc8182

SHA512
a8e9a283be265bec3673ad550574435eb72e40e7d963671a34b70f8d4b5225f62a1c4bcb8df6c03066993d9dc213720df5805b25d95ec7d99f6d6556360be796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1c1ce2e6f2b0c629f9ecba1d733553d8

SHA1
c530a49503ebb4fa692ef355969786ef921f4536

SHA256
c407c0bececd743ea0e519208f960310e72d982f886b3123b02ebe1cf540c758

SHA512
2b941f901715eefaa55a91a7031fe1752d1662e825da2b84d5df08a6f99b8af397f8a281ee6f25c805f335d214bfb5059dbab3025d0722dba6a0efd989bddac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4a49e355e623bcf4f4b22f3ef37873fd

SHA1
5a30abde004d027efe34bd25fc7ab6812af62b71

SHA256
2dce553a69d96a963bd19795773d979eb9ff73ee9e8191ad79dd75c8fdebaab4

SHA512
dba104180a515c6840ae69452b532e416d6f1c2d464c0be92910b136d661dd97b5c18e1db9037781da74cabc0532c0be1ca6c6686fc6d6c59b77b5429d23099c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
37ac5a62b4eded05640575f5248fd244

SHA1
0c3f4f424e9a9ef4203819f5764ad298d7364706

SHA256
9f988825000c998a62bad1a616f3202f5c827640fbb692139e1bdae6d151eb2e

SHA512
bc9130d119453f2216f93e807016272467d5753a8727e39cc6b2fa50a3692cc81f46e5d3ccd9454735bc25e1911502f8ab12848ec6ba8b7a4f919e5945c1e30e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
8bacb8082cb128194e303151a0008773

SHA1
a12f632bae0a1fd90ecc35582e48977655bc15ca

SHA256
1261bf7c5846119c5ef39aae4def9cfb764d23e59902f6274d2fe65748c40297

SHA512
a852941f976ded9fa318082cd8af45a1589294fe5f1a9e1a0ff7e9f0bb63f7a66831bbf709a696195b9d551d8c03f125933617f9abb792732a51ad69f538b11d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
8772c36b48e49eb1d7ccca701d0e7304

SHA1
04fbee5acb30a430886d64affef575093339f3d6

SHA256
7044a94f3b661bb26fd999df3672f59bcca890cf538e69e511d32b7ec6fed0e0

SHA512
b8c5326bc119451e86e30482f3a782b26702c1ccb318b4e1786fac879a017ed6c964774f151769f6d51d8c824084ae6d98955821e124c3030559f5892cbcb110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
85KB

MD5
a7c4edbaef38c268a68bba371e60671e

SHA1
cb5c92294c2cb4da234c6f448ddfc5077591a460

SHA256
042ce07611769b6913723343c82e3eb824da98363e9586732364c54f13eb760f

SHA512
a590f83634afb1fba0d4c9523bab8fdb1d7cd0f8001fad9c5c693249357b769d3e53df922444d24e66b3cac9cb580e1512ac1c98a620ca4127ff8162e742de1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
50KB

MD5
5a68d008288ee5a71146fd539718a37e

SHA1
6a7ee1eeba6e1ed0e8a7a01e004f2e92b99c07f3

SHA256
d366cf629bcacda7319e29eb9634c4b4eba1a7f7af49346ad520e6d9b1edd2ef

SHA512
e9bff90460448546a9526d37f548ad638f6b61e68d275778cc431d690d290f7c8204ca3edfc65fe2f8b77df99b8e01f9c3ec3444084d140fc61ab8e659cd5b62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
137KB

MD5
db26d6d69f96eff09bd3ca17229e21c6

SHA1
4ddb8626203730be8aa25099cc593cbb6925e164

SHA256
5f791cb98f79317a4dd7a555b04a699d7730ba1e6cf729ff019e5c60b55a10be

SHA512
c13f49a2cc84bfe5b07026d2d8b1edb62472e5121706dbb06fa40a74b0679cea2a4a726683255a31186683ff77de1612c9666fbe3b5444609c3a7ae9982d4148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
424KB

MD5
d321a4a917ef61dec7d069aacf784508

SHA1
cf90f76a3b2cfb7b40eb1df39dc336200a933160

SHA256
ff20cc0f57e817f0c931520df40b0f321b08ee08a70527de144aad7a9b9dcd98

SHA512
891117d13904e778a03d6a7ec5cbe1179f85fc84cb006c76a19999cbbd4b95d427cc3c5b27503621f65bc582c6930c5c56c3d1159a57c9e7d6609fb6e060c96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
31KB

MD5
ed9c5739a6faccff74cfca52b91d664b

SHA1
a00795fd47ec397a68b856e09e376fd0e137a68f

SHA256
b7c3c5e22048717702030f814e11ea93742b3b7bfb44ea0305a64b6b39e2fa58

SHA512
d46248c547361091eb79c18471031f6d60ed5a77de35aa4dae1f6de57f6a20bb0027afea9f6620d16d8910d4ac96129e4a1ea85feff2d186db255ebe00772b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
28KB

MD5
4dec71c01919062eb657c71cc2494aea

SHA1
612ef97b7e5ad42bcc4a6b7d2b5a7cbf32ff1570

SHA256
2ea60640f02f2a66c2aaae3a6fb259b86138a47493b22b2ea7dca112dbd4f54b

SHA512
d19d331c13e2a82a28ef1ed55da54c1fc6c7117d113aafddbfcfd09dab70c2a3865fef211dda2a71efe7612fe242ef532c0117064253b11c93e1726d24ad0d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
1.1MB

MD5
cd576832e2c724177023735b219ee010

SHA1
eea8b83001bab88050e5930b0d3f44baa134a015

SHA256
e88ac130e3d71164cf2f2f17b85cc3b9ab36fcbbe65c4a4571701e4fc7e9eaf0

SHA512
2750d9c2ecaf7ec27c3c4092fa3b16e58ec1f5ff79b65eb684ad6549721a38238955bc421871f4fa778069b003db609bdea231fc969db8a36f68e1a61adc9d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\05db63df760449db_0

Filesize
299B

MD5
27365a8bf44d51736a70818e071a6df9

SHA1
6d534e9be920cb139c45cc4fe6cd3a6063696906

SHA256
bb9f647e495b0dd51de03fada965e696b5e0714aa56b3993a150a7305b0a7e76

SHA512
97dce3d7fceb042ab0f32663288cb2862983b846c0d8bf969b3c015e80673562287d5fb3af06421142af2d3fa2e135fb0d69396ee47f3c96296ccc28c2aeb154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1c7d6b701233d922_0

Filesize
262B

MD5
5473e7dadaf71d3da378e1aff8be2863

SHA1
a470711c452baccf0109f75d5469767dcc13389c

SHA256
d1999b89ef741b3224408f70b237d7a6fba624feae88baf1505d3205c43c37b2

SHA512
125aa15053211740c85117573f07a1752e9ff9d7e351b3f5c39c8b42aae98e64ca73dc2fc691949e8a0fe363c0d8e3bd8a7d32be02fee1d06b6d4405c7153518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\287190b81235bb3a_0

Filesize
401KB

MD5
4da4a4de11bf31f4f00023a5ff99d3dd

SHA1
529f0d50af204d93d647271a303691aa0cda7e4a

SHA256
7b832f9a1591fb350c0d419888f8393312704066947ef4870c39945be61556ab

SHA512
f0ac16c3855201cafff9e31dac74abdb11077a8690494da55b01769307dde15547299df204df81a1fbeb48bddf3c381906108acaf945c0103b3dbded02bf7a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d44234363a788ae_0

Filesize
389B

MD5
1896f1852361ea09ff341ee3c77911ff

SHA1
666a8c34c679071230cadeed731e33269d87adb7

SHA256
f1a11d4fe8692cb5f4c4cc274491aa37b7e1fdfd25b1133975f12fb3e92a2430

SHA512
8beb5aa641e7ccd4ca796bd612b8c2e467a11f9271851c1cb5aa89657a3e50c8867f4661fb41e18bb41599e8d8bc6877d83c00d79b256a30d3a648e87b17e68c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4d10d7e1a74e9375_0

Filesize
28KB

MD5
7f6bf1721b0f3b9b379eff61153649cf

SHA1
c241ed658f6a016e2572a137b0bd9baa96e7a730

SHA256
e363520779cca3bd7375bbc2bad1eec494a078b32a2bcd216f96c29542d5cb19

SHA512
d500a51dac84bd7be190740b76d4775350911380f9fb2481b837bd4c156659575f6e755b50bbf440bc36f5d7eb7b4b85e0b3367da950180fa7aea2fd8efe911a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\512aa737dad5950b_0

Filesize
323B

MD5
ab94648da9ba96ee91e55f0b81318826

SHA1
837295c391bffffc91719258286ef874ff390902

SHA256
c21a4a508fa3bd895132ce2c40e7c37bb4c8f415f0508979c623c5c0eda29ecc

SHA512
cb257d3eb6df262afc3c53c99ef03838d6ff6e841a4f83c17852f62ac22e97929c3ce5c187bfae390d3bf8fc1afc9d8da2bf460ba39f58d966cb897e5c84c6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ea5030e6466621d_0

Filesize
40KB

MD5
305aa5166a55a60a4c311d633273d454

SHA1
a43c71517115c99e9069d7b0c5eaa19d14a0f5c3

SHA256
283f24f44a7ca481c65bb1a63a5de3398af98774f3ec1f9529e0a99a9f54bf1c

SHA512
12a060463497d8207837a4fdb0d3027eb58ed3e9db757e0515e4e36e7fabb94a0ba866fed3230bb6116edda8fd18abf23672542707722982e5bc500c3958ba43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a695b2c08be85be4_0

Filesize
89KB

MD5
4cd114f96bd7d742280483e2a94eefb3

SHA1
0f695159084b0b1c9e53bb292da7185a9847944f

SHA256
72854ba126796d314194ebcebba373dde348896d5ab31c3a9079d2dc119a6522

SHA512
ef66c29c36eb62b3d8c0664107d312b136832e4c73f25c6ca625ad83cbbe70ab8118b9432e3400f609b257444731380d00182c3ddb892e83cf2667cb1a3b436f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c8536da3c12ca99a_0

Filesize
210KB

MD5
df74c02d4c81416074e2b8fcfba15721

SHA1
c7f259d9079af66192d8d5ce70c258bb5b515194

SHA256
833bd1c1fbb8674c722e4deca1392d681e875d4e9e990622f32f51ab9eaa4e52

SHA512
7804cb6d3bc24246f6b8aafc5f10f2c3790de8e9e07a40bd49fb8156199d4804d17a4f965a24149c14dfd7267e0055cef40b9daf134cc85c4ae81588caf31d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1d6e69e1a9331c6_0

Filesize
540KB

MD5
1f299bacf325e3b12628d84fed88b18b

SHA1
f30f42f0a1efb8340ec62a883120898779841d6a

SHA256
0073f7541a7dca056a6204e0f727f117329b8e9ae2d345b13fe50f55c0203bfa

SHA512
3a383a80da3538403d4d05868172265dc5d2b5f77882e782049ef5418a9c8921ae2f379f64905fada8962291cc73154deae6f6d7c9476c829bf8b7f422b4358b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
954e87b9417c6820fee865a36c7175ef

SHA1
5b9e8327b6df5b73410dfa7f81b0e0cfdc418dd2

SHA256
afb0babd0c30d5ae7dcf2a2da987e40c12e22e881c431acf6c8cb1994945cfa4

SHA512
561df3196c04a1fdb173def0572811684179ddc70e72af11c45de5df16bbde6071c708f3582e76d35e5f90048532486a3964fc076082f5c442c388c933234f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d923a889b21f21d2d3783170a3fbc0b1

SHA1
1659750f98d6f023d52f334bcfc39434d223811f

SHA256
a2878edd667b145aa434a599bf1e9bd956943008e2f6b35311619b57750cc7c4

SHA512
1c22849720ff54db8cb197d4e5cbcd4234fbd743061ef4c3f38015bc4ead3310f474e15ea53150954fb525c9bd86a5d564be68627f6d5f5c8f092cdffd731eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7ffe7f500065fbaca408a1fa35339793

SHA1
c6cad5c736fed454a74cac55e5e69273ce75ae1e

SHA256
f6a7dc43ce98610e65d06f40fc9b21e838482bbb70ad57cfcbbf24bece1d70c4

SHA512
e0dab76639c078414e1986ea0f1e30263721a1939974a54fddc901b6139d8085b2135d3f8638a9a22936709834aa14e1831fbab32ecffb8fb1e39c46accae326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
1df4dfc1df8e8c54f85b374175beec6d

SHA1
031d903f8b6b8fdd26e98830bbfb1808c5d36245

SHA256
64945b3c9e3cd786f95f7070ddbe79e0854e40e99209a84ca826c3a363209991

SHA512
fa5a25a11c7cafb8a9bb233f679778db45c385d5a58632d7c0f4641da101983101e4a771b2462f21edd94d3d0f3808aef8888837cbd4218de5ae4115f2b2e4af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
b28f4bbf16344168ed47e98c75961493

SHA1
13ba7d7994ceb9759bdc6136f4f201a4034c16bb

SHA256
249a920a35827992f69456d5f2eb133bf016c9b92a0778bc5187bf6aba431a1f

SHA512
67d529138182d031099434b29fb0bd357b57bb4654764beed9482f5a48ce8a449b746665bebbcc53d69a4aeeaea212117dbaf91b3f3a6a269208b71b78164fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a93f7b6171a33d2835da103093f0570

SHA1
280b8d44b0bab8631bc23e131d2d1a2d5ab60857

SHA256
fbc91fb1ea63a510b138840ae5196634ece865f8fd428f51493d8fbf2854a16f

SHA512
3ad254616e71d5e88f8f3cf33e0cd632f83bf1e6e27b31b642af1b3dbcf6ac4ca5df1b81239b27d10a482a0c3710b9ced84660a1cb59c1d772a223ec747c01ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
817e717f8911fbfda8c4cd172954f0fc

SHA1
ff8dcaa09115a803e98509257ca11d371bf5eeac

SHA256
7223e7eb9329e6d15f9e02e405a0247fe9599b45a585326cd06193503da5017d

SHA512
7f0fbc3c85e96132cf7a1ea4f0e2bdb9d5429eabff49fe4258363bf1c48fc306c1299d3f34df17c33cb4f7870c52a75636cef01d68195a09d0d951c8b07fb46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf969f411fb62cac571cee29b9f2c692

SHA1
6663049ee8cf7abf4cc8bfabf8b32e55836a85f6

SHA256
0563de8268a749b5d06151dd27aa3660de14bdbe144a7544b9095ac9e215c03d

SHA512
65511bbec8e19d9ea980429fca14217e8dbdf5fb978a1b9ab637e84fdc876c543437779f57168122c6606e560b9d844533d48c26c743228ce15eaaad3158f7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f46fbf8eff1c0028fc9fc7ced88977fc

SHA1
9d451a3be03bcc0019c752591eb093034fd62140

SHA256
16e4d06eed43d6840bda344a5e7b0b29f8cad4b4a5d2ac3d3aa0c99da1c08878

SHA512
a256c24aa05920009ffff957fa6cb7d9429cb367a9ecfac541acee672a1758444a7d65c23194784651f06721ca20c80893d47bdb2093bf158b6d61c7c059b3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
803278568f1fd8f3a8e680c87e99eca7

SHA1
8355b2e545e7fb1fd8f030e4aabe5e549a88401e

SHA256
51937e5ec77a7490dcb62f26c3941ba1120e987b4e553d64fb624a2dfeaf0e8e

SHA512
ec797d810631e88ddbef0b8dcb2158c2c675f0f13f90949c18e360530f5a3cf62f3d1487444c4c383d7b0a5fa45717401d919a41b0e979e45d081a2efaf2ce1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
92205fb864cb7826e35092f8932d92ae

SHA1
9d6c81d4e2f5e7e42bbf54e2742d268308949dba

SHA256
f6201eeb6c1a4b66ef63c529c707e42ad3b19b0da3445a3c17ce6ed84ff563a5

SHA512
7288d9204867af236901d95999c0b565b44f1907b99ebc3e9530491885bd2fc4d49d8bf1f3d1ad9a8c13e4ddec49d1a39400dad2c72f81134d600c6a06835470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a4a49a26d938ead0bbd269da3339cf23

SHA1
1b7b30483d1c1d1481467afecc8ea4ffbc748a9e

SHA256
b2bd10fc1d7a824dfb721196ec3d9a9523cd644a61e0e93c8ba07d4722b0c7ef

SHA512
8791fe353a205f603bc080efe99431e27e905da9294ebd1b807767d2ca5fb2a2865dc705ea884f45bb8c464d79ca266338240e1c1af6c272dc590523f1f204aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
adf04faf9edd4d78f6519779707bffe0

SHA1
4806c497f6fd678c770fb4c607abe81d57ba5600

SHA256
bf48f5efd31082f9598d28127ea8231cf3d893ea3f73d785a171cf0f060a5333

SHA512
047e3c0f21efba8c3c215fdadf73d34e2e53cddd4de013c037b856a172ecdda918237b32cae7c18e18d3cccbc58cd6d1ff97b3a0ec55d078a7db152fcb61d521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
820ccfc7d466c11fec1f38590991251a

SHA1
5423c85d798008d54e0ae8a3839e92d832632724

SHA256
b0e3ab620b75f9a21f9afceb275b08d13fbf0ff73932d3f7cf9df07c4a53ade7

SHA512
3c46d67595670791b22c9fb57a61f2ea6323623d9dcd861d1d7b4e40c618f4ee84a680cd3484d31b0c2233385fbe21a43691ab2d28b1aae99667cc183a640df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6804a5f9cde1bbe68f0f4f3ffc15421c

SHA1
0013d5988690643c75f5b6bceb827c19b641cdee

SHA256
0adf21fbf88b1e24e3691c53aed38cdf8c75ca228a68f38f04e0840e4d4f6e91

SHA512
a12b7482f47979b4ab050447d70b1579cb2cff38959cad8f79b7aa8ce66d89f65031daf8881ded939b853c420b8f9bac8571d1dd1abcf5d4bc286a78536320d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d0e48f2e4f5728eb265c7b3a75af3010

SHA1
9a9ef0a28b5cf3690c19fcdfa569d94dfe7e25a3

SHA256
f819c83c8056366698bb1ae0d29674e53081934a19e51790a47e4c6dd5aea391

SHA512
72a84cd6fafc6bd387b2d0635a50a77dae6ebdc0ae3f7d5af2cd762155df57923db29aa04491eb4fb0f2aeb42b5c1338ff5b6459768a646ce729f881391353f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a954bd59113ed2fb8fe2eeda48552ef7

SHA1
419ea47b36a79030e7a2b289d739d3c80a196338

SHA256
8382882fc8f9fd55ec53938e5ddd606241d10ffcc35c9731c98523b6f0a1e86b

SHA512
d06724b17deb43681ffbc6c82721d8a88d35e078d17c58de598fe296a27c351d9dd2fdc9a4f8aacaea6529e16e5740de2aeab70e567e70af98864c2554100c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
788c165c57f5475c750dad0a68d084cf

SHA1
0d1f2c6ea77df6ef0d1e66c7ddb90b105d570e0c

SHA256
e43650d8c82107bc4f3bb9edad78558190696c36d6ae46468ddf89fff993768a

SHA512
14f98793078fdc71238477d5128bb6327e08b08bae33685926397b75c204a032bc2e158a6a98c6108c3ea633c268a2072d98546efb8315fd81fecc299221a5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3246a55d8dee743021e883f520b0ea58

SHA1
da4a0edcc1c39c5748d6240d8290f39e53b9f067

SHA256
9d7918102516ed724bd502b49d5dfe842be6ed50c4e98c8077ecf127470b8a4f

SHA512
c3b69e6c93c8ad3ccf54485d5892bbb4442e84341db94424b6bd1ad9eaa12f5b612d9bc681128aefcddae144d3366fcb498d8dbdc3d56ad89f825b7d5dc0560d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
a7dfd60581b3c196f22e124891f9f0a6

SHA1
7993868f84b70f3d1d6b1e786fcaf87d4941bd55

SHA256
965fed95fedbfa96d544c78fc8ba87fe9282871fdbc7cfd32e45f645b5313557

SHA512
9dae7d1cc4246b7615443f2934f0231bf8fa131452b322897e218ff1b8b40cc855485dcc7aa9417f6d75c0c2be91330811d93f9cdb4e2d58ded52614e47fc06a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
b195e1a95c625ffd475ffd1413f5bb75

SHA1
ebd3eba5592be0f5c2ab4ae45e156c7f6e0307d9

SHA256
4b6ffad0bef653a0d78259b30d8d86eee344f041f8687f1f5c8cceb38915fec8

SHA512
252e3d7e67458f3c04e6d8b857aa7a9d2d39509e3a4011d5084f6596214788b8f850c8beb1e8afbcf148cab2a191e909fb09a510996b867f778b79cc1a6686b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a19cb8e370be08893db4a2eb00d4b405

SHA1
cea7d22a587f9a778406db94c83c9aa139804b37

SHA256
d935969471f74abfd18e7672cfdf66fec01eae96fad8168aea18c50bcfb88954

SHA512
ec5932749c8d80380f4486e59733db040a72b85c14b57ef9466bd1e740fe5f22771a599ddf898723be0069bcd0d76fb44ac86debcde3a09a7c93d39c840bcb5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0ad42fc912bc9d0a2a5ef3730cf15d0c

SHA1
401ff84e1f28c5355bbe46fbe72fa0b171da8d75

SHA256
84c1f15295e61ce3b55c1b3a0c3259b938c97ca3a3f3fe8544941a4a37cdecfb

SHA512
33435222924956568e3ddf2f62f55827d00b2ecf5a5eeaf3d97df34260977e7d7ff40d3da64cee70ed6caeeeb6f5559b2fda8b1b39096afd4d6213dd2bc3be29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb9d.TMP

Filesize
537B

MD5
111218e7e64ba84d175076bdf9d6efa0

SHA1
fd99c46354921f7615fb11e8fe1cb7b7e5a18570

SHA256
994e7384038b96cdd387e85d5a5bacb5c8d1516ddeadc13c195d3940ff16eab6

SHA512
22e4d92fb1a4f0c80cf87ec32f47900f235efe22255cb81a3897cf369522a4df8c391054f6cba8dc915b76f7acade190807e280a0ca1e7b87318f1dac0cfb9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
19b93e305fa1bfd08997bf4c98c10104

SHA1
f8cb914104ba4589784b55da618c539b5876d354

SHA256
fa87a88d5601f10a1585ec6d40e393b6578e31453bbe46eefedcf61d698ac522

SHA512
02566cf88bf864fe6e9b08d83e7857f756e0cf8dcfc5e8a5b84ff931f4a17c441602cd4d6c115d5dcfb63960eaca3796c5a147bc10d94ffcce3510a2650a5786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
50a20fb39ab2eca344cfa0274b0c261a

SHA1
9c9d0a013e7f24f8080f7f4c4d5cfed8c45e4f90

SHA256
c0dd7e12aa5dd337f50a39cf52c900d3827079bddee128f85fc8d7f29f9542be

SHA512
e014b0ef533ac477d82e3a6b5be88e9305dd0ae8ed3b227e0a03426893c408d64b54ab7fbb10c7cedc2017eff3c9385f809015818354ca2e3cda2ecee48ddd9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
27efe6c771b2b9c5775b0bb5a216d39f

SHA1
f5d9b9aa134e39977610aa01802be2db24a7ea27

SHA256
a858a70b09db8dca5e9f2e6ce538f3caee120181740e416837355fb9bffeb47d

SHA512
5524fc8e68e1dc2f3b6a23531af1e01c1098c82015e24b50cbcb6756bf8f23d85caa7f0ff78f1d68bc3943ef52d840928cfc447b9092d21a0135dfb24001fdcc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit