hxxp://wddw | Triage

Analysis

max time kernel
1799s
max time network
1703s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
22-05-2024 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wddw

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608125581622328"	chrome.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 3124ac94e1abda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 085b888ce1abda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 30d7cdef1bacda01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c50f3c8ce1abda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "423133303"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "423186398"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3256 chrome.exe
3256 chrome.exe
3256 chrome.exe
3256 chrome.exe
2432 chrome.exe
2432 chrome.exe
Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

1556 MicrosoftEdgeCP.exe
1556 MicrosoftEdgeCP.exe
1556 MicrosoftEdgeCP.exe
1556 MicrosoftEdgeCP.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

3256 chrome.exe
3256 chrome.exe
3256 chrome.exe
3256 chrome.exe
3256 chrome.exe
3256 chrome.exe
3256 chrome.exe

pid	process
1556	MicrosoftEdgeCP.exe
1556	MicrosoftEdgeCP.exe
1556	MicrosoftEdgeCP.exe
1556	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4492	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4492	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4492	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4492	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1664	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1664	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1664	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2452	MicrosoftEdge.exe
Token: SeDebugPrivilege	2452	MicrosoftEdge.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

2452 MicrosoftEdge.exe
1556 MicrosoftEdgeCP.exe
4492 MicrosoftEdgeCP.exe
1556 MicrosoftEdgeCP.exe

pid	process
2452	MicrosoftEdge.exe
1556	MicrosoftEdgeCP.exe
4492	MicrosoftEdgeCP.exe
1556	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MicrosoftEdgeCP.exechrome.exe

description	pid	process	target process
PID 1556 wrote to memory of 1664	1556	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1556 wrote to memory of 1664	1556	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1556 wrote to memory of 1664	1556	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1556 wrote to memory of 1664	1556	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1556 wrote to memory of 1664	1556	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1556 wrote to memory of 1664	1556	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3256 wrote to memory of 3312	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 3312	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4700	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4192	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 4192	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe
PID 3256 wrote to memory of 2884	3256	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "http://wddw"
1⤵
PID:1260

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3764

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1556

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4492

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdd2819758,0x7ffdd2819768,0x7ffdd2819778
2⤵
PID:3312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:2
2⤵
PID:4700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:4192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:2884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:1
2⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:1
2⤵
PID:2304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:1
2⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:4144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:1004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5028 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:1
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1700 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1700 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:1
2⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5144 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:1140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4936 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:1
2⤵
PID:676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5024 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:1
2⤵
PID:2900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:4484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5360 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 --field-trial-handle=1892,i,13824397698437631824,2238017169391326641,131072 /prefetch:8
2⤵
PID:1052

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2412

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320
1⤵
PID:3492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
69KB

MD5
0ed8278b11742681d994e5f5b44b8d3d

SHA1
28711624d01da8dbd0aa4aad8629d5b0f703441e

SHA256
354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2

SHA512
d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
249KB

MD5
3be32dac77e201e31409bef76a043051

SHA1
719ad0e302a97c08a6c88387416bc70be0b88b1e

SHA256
7b7f7ea0ad219e406a107a85907b049717b813c871fba49763f9053727cbb652

SHA512
9c8b2a76a8155d17651c685cc4d3ddb4bcf0dd03747331ee655ae13e9a2d289c4bddc89cc08c71564f2ca19918dec7f41d19ba15f7d5b620cd240f013fa3ee4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
163KB

MD5
a224036f35dd91d2584ad927626f01fc

SHA1
a58eaad633b7cf6be1894af0b3bbc340d9347709

SHA256
3fb7a26d906490c9cb219272917a4e14e4c2674cf2ddfd51a38c79214bfe8b68

SHA512
843efbff949eb000e482f8131a6c06ded3c9f66a10981cd6c989c8514ce86ca591343f9c3bc416beab6b11fd8335e7ad1bd7c6912e3b4ac0dbbb775c5a7ce99c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
222KB

MD5
ffa095ad43fda9e7b64973ecbfed21b4

SHA1
4d2635ef56b4617968394967319ad4727b3c85c4

SHA256
ba267459029a30051db5d96f2a2f6b976444f494555425673f03796c1f8a1b67

SHA512
f5b22253f5a6b65beeb697ff3cbf72d8878feb616c3dca05dc2dd9b1d3d3674e5d681d208377d4a9ca3d7134d5f2690446ccd42a64b9bea82b88d998d8d2b3d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
42KB

MD5
a677f33722a3bdf35e0422681511a7e5

SHA1
7334848df1d00e5d4d3763c8bb866fdc0229fef4

SHA256
883e52d794da9795f687fa10e649ffc186889e18b8ff0c57a0701eae43d97348

SHA512
7d9f1ae7a1cfa879cc2ab16a35714bbd76011968ea66656e32e8d9c882bdd2c1ba01cceb7a632279804c686fd466fb4cf34ca504a43114ff0e212325fadf022b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
325KB

MD5
a58047728286bafc6ce249b3671503ed

SHA1
599d3a70cd3566fd9440018490f71b789cb06eb2

SHA256
dbd533c5b24f741bc19285d3cfb0d89a07bfaf4dcc142235ba7224bb2692415a

SHA512
75cb3000df8aa2adb6766517b77e26b6ada579310d5c0f436ca60c7fb3b9da9888e38287e9d8730ae82bca33d7b1a32389682ff1cd12b1d1b222ce9c0e1fd3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
141KB

MD5
3b107ccfc9096f5ef8cdd0e1ec96a148

SHA1
74ccf3c4e48bf0766eadcf1dd10cfb27c13ab61f

SHA256
6ad1511c0e5b0e951b4e3e7d105f52dca56a9f7838e4a909e8a75ed67ec5735c

SHA512
7c9f516a986251e9990d020a750f7248e725771898b325dcffce285ccde60cba67b28de1e3cd96e365a9e17f1e87aa1eba224f9fd9680ac730b26817f8d48060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
181KB

MD5
389a8885aaedb38f9a2b464e536a8e3d

SHA1
b3dbb0d39db283a131345703949e1b2b176a6bca

SHA256
748e99b76e838e71188545b0536009bf4864f724ca129c70c555eee58c36c356

SHA512
d7bf818dda513571b34a338d4bbf188877b50403fe04917f0da66390c753b3c67221e5560b7818f4641bdc3dc121563666b09eff4f3093d12a21f1542ee7e9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
24KB

MD5
745b6bf5b8f474cb4525bc158fc80c24

SHA1
b23845184a3fc16bbb43b09582caf191b8399fb7

SHA256
96a7b152bf74b55bc7b2a67417ee05647b229a9b942c8d0d347acd7705a0c3e1

SHA512
27378cc80a8dcc9fd68f7232818a31a98a1ca50cad7e9af7604205ba3ebb5374eaa092daf3129446300e912aa08c7ebde95b18b53ce49d782dce0ad1d23a330b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
32KB

MD5
2c66f12c4d5f582f2e9ece7a8d1a5046

SHA1
b9c70eb040e4fd2795c13bd884f5bda727be5fc3

SHA256
d8b3519b602619e6f250046ffb6d94450c4428df6357137c71b98a9b4b30cb01

SHA512
ef583f9c55ca1381486d28c44cd6cba7b7ebd02b73bc7e40d07e6d6d3359c5c797ff633bd17752ec1cd41a69f54f16328c706a3947a9b07f15aa143648339c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
beac5e67a4288d0826370ea8fbe89582

SHA1
d67a06c87cd9f26f5a432900295c4d877635fc32

SHA256
ce31e4f9fb9b6c1e2a74401d87d36841916f95a90ef3ec6dbe7e5572a7e3de87

SHA512
40bb712952f13862a93199fdb14bae54bbca42c725394b60502a2f71dd3d472a21d750d6bfc62ed05115973ec967b67725406574c9585a81dd6e65c0d5120ba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d57eda1c763a8f20b45c8c20fa799888

SHA1
03b383ff6bedf360bb707c6e83c1c974ced15483

SHA256
df54bd8a1a6b501ec1c5e251e413dd5fa46cdbcae06dad12e0bb347af644f14a

SHA512
3088504ebcad1e5230081f91b0ddc7e61ba4821710fb468d2ebbd4580a01aef3ccf43a9485f4b8ded03df4089951caae3f1d4486156adf3ad9c546c6837fc007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7a9b4c58a1100b10c336316cb7a93da5

SHA1
fa93669363c129ef898ef39eca16498de83fd192

SHA256
7c7228c08dfc7ca1b52a1b14b5eedcaf546cc81e7206a0271dc2cfce91e9ee1c

SHA512
56160e9c7674d76dcc8923ae3b519b7b5ed4c6795321ad05053d23ba3c5201d4b5a86d2575c1480c789f98a5f353c8bd1c774e854fca2e08beecb1aba3f5073d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_info.xvideos.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.xvideos.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c8b3e3bc605cd75de7258695a67ad711

SHA1
01f922aaabe5e6999514b84cd422aedea18c4998

SHA256
6692fb2fe21dbae5805dcbf55a6c53ef151cb261d96b557c7242b36da0f8bf56

SHA512
452efa454b0ba09675adc78fd37ecc8776992f8080eff479c19d84a1ea18898f47705dab82ba910d436e70c08effae10d55a873d2f5b55871b0a14ea97daa99d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
472448cb613fd385f9544b204452f50a

SHA1
07efbb4e10d1a5baccf54081ab722f1238d2d6d8

SHA256
2b69b9349d7ea321bb072ba0a6c147b5e23bb19f9f574657bbddb48634ff5ce2

SHA512
c9933e712c71426f40b291b862d939722a106cf0c25ddcf92946f60d04c91288a99dcd0d74fae965bf163343b0d3b747ebed123fe9c2e900fd3024c57f5409b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4ae68e02804efe4f389f10c9ef45cd15

SHA1
7239f1800f1669b9b21117ad4f6029a58a8f8df1

SHA256
c11251aff873dbecdf2739da7b4e45cce80452e0baecfbb31394fbcdc477d067

SHA512
6cda162a6e3de1b96523ab7bd9313330c4b22eff389853d1934606e80214e5d50e70c89258038caa098be34277ad92cc6caa1e7d7ed2fde93c37d5789099948a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fd9ff4ca11a28ab2149f07a5e93f2903

SHA1
e0cbe8bc29ffb0a4d9ca653e708dda000b97d45d

SHA256
47649357cfff8838d54853eb9639d36f37840043e7e5b82e991843d4555c256b

SHA512
59f78c327357b1ce48192eda9f84b715af95835a059ea411d5dacddd69ca2445a264521c37bd64a982d61bbc0b1d68a577a36b4259d7dbc4e0cc181e05c11ce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d8198ab5d178d80861d7b5c493f416bb

SHA1
4ce1c903ecb19bdf7578436e16af550fda763f27

SHA256
0f324935ecb289dd780e4d37bf2bd753eb6cd64409511a0f7717a1004cc86ed8

SHA512
02202cf3a1fc8bdc2cb873cea8020d5293aeabef73b7656c0aaca72166f0691268551be83575ca48025e00f39bd335206a485e335ad274dc6ddd7b3aca67a8c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6ba5a65845d1e73624d81150a151627b

SHA1
7eaa93b2777cf8176017b5eb268b86f56a1450c3

SHA256
5cb2dda4480ee56468206870de7c2a1bdc1e8345bb42d624609ddc0678ac704a

SHA512
40b5a5b145c731611c0b535cc06d12ef68e63763eea68798e48dcd7ee01cc716c94557afcd3219e4f0d48710fb59738be8f7b189f49bfd374830bfe77a143735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
295547010c7fc77677877ffc432cc1dd

SHA1
cf74ef7402b4a08622731724b00759d5f2d7a720

SHA256
08c1b248b6d1f521e1b1ed0c498d336ac1f0aca8d3594ea00619ce35f742f772

SHA512
abc9b3a7602179b5f69670a3d6f5abd969dfff14b9630020dabbcaeaafabee1c848405609c6ab6c0b39b08bfb1afe04c3fde8537f4c30beaa1eac4909d060b37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c1e88055fe2115fb755d9cf33714d0e2

SHA1
8d18e61583f6df048fa1f7666c29d67a9a8c3642

SHA256
919c8cdafdbda68a9dc0c47ea5cd93ca1f1a8494ba44141051ed2009ae3042f4

SHA512
cff4cf2aff33c2943e6e00d753f063b62de10be2857d29e5cec6dd4a27ba8c81efe53c2aad8b938d9bbeea4be4e66d0063b57d44152592d3f7d9d6560bbd5d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3e510c38ce849ae4cfa4487ff5174694

SHA1
d287dcaee4d78d2edc5032727b6d9a0c14c4e018

SHA256
64c55e9f40e8311927f00818cfd6077ffef425009aaf6d5ad561cdb7b0928970

SHA512
6a27b7f98f76e0e1c1b780dc7078b7e44d171813daf111caac08506b152287e2b942cfd93eba0d71b83c36fd36322e9f3bae72b7d27335cf180a9bfe80c31551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dafb3108276e164818fb2dc757f8b62a

SHA1
700fa0bef74724dfed8bd771f72d1c87a0f46c9c

SHA256
16759430a2b1f445cba68a32ea35abe27dde9809ad5816d4d8e006792179c17c

SHA512
cfbf0efe501c7e6adc5280348c76c3092fd4ef1c53f7fe7fe0f61ce625166f5b0980ab440d4e62a327e1d1949dba196d1b25569578228db13abb65f9e143e599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bceca6c5383e2fa73ff1376a0562960e

SHA1
5b564e885771986cdf23811e193c88b50dd7543c

SHA256
825f6f1b02457e83e9c290e4365e28ffcf4ce0b58b2d144f26281f4aec77fa4b

SHA512
b995bb923e5f95660d7e1b9859bd7f4a7d9ea32aae28aa3359ac48d07f2e2c4edab404181a18e9d94f7331ab65d74e8bc1f1bfe80041cf08c457cce5af35a3d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
584be990f88dfd9af6a08242d75973b0

SHA1
875115d48b5a3258ef1ba12d0dde94603f611bf9

SHA256
4841542733782347508abb1c62c154a86fa3b28aec48c61f9d2a074d701899a6

SHA512
79e917d83b40455e1523042eee8676222b69b27ec2024312adbeb62a0c9e6d71a36a6c7d4de66f8bd4cded2d8aa3b14d1a3bc7f0971013b900f626f9466e4fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e16e4479972a42a4080d63a8a58f7267

SHA1
640063a7a3f1b7ccd6175557b6380778c5f91fee

SHA256
941dbde40dfdcb89ca8fb80edac2d22ffa47bd987508a8104fc631f3080750ed

SHA512
a16b46b744eb32ec2c3d54b643c698f97b78317d3539fe050479f1b937b8db06c734ac3700c814489f6a3c3ef09e197e258f77029298342b10d9663428b0919a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
abde4f6737938da5e4b4959bfd332920

SHA1
0df335bd352e90b902227869bceece683ebdf5f7

SHA256
d30ba247512c7a2062ae8009e5aed8187fab4c678f1b35abc03155b5d2683169

SHA512
52cf9ddb6f94a177645ad199b41a2038ede83c0cfb09566900b341fe93090bcb0856bbc6b9c2174cd498aee4ef5701e0fb277cf3de097aecc0cb1443463a500e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b4ae9d28bf7139b90db81c79267bbd29

SHA1
d2b2ac09b80a117351dbe5d081c27eb03007b4a9

SHA256
3595a885d1930476fbd4b667cfe59c2233d5ffa2693f9e3075c37ba744b98947

SHA512
8d848eb7806a1715b4c5164f52038d6b6b168a38206c2442fbe1ced7ebc6ef1ee2b76168c9c1e5728acc6a9adffa4a9bcbf3f7977fe9949f250a774a3bdeadd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7cbf6ffbf2604ea8c1157a4bc51badb6

SHA1
427b2342fe56e394cfcce9a525f16c45f2e8843f

SHA256
984ca8a38701dd4259f69dfa8f53b3dba0d3593a5dbadc22d6f476e6c0642cf8

SHA512
1ec173d597720eadadf268f477e6cc190a6498bcb297b88f11b3e77a35c4143ac28a952965cf3ca83cbf4ba64d03cd9c9d4714bba1e8e35620798b1ff9d01733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
89423c157a424ff4dacf7b3ccb0cbe65

SHA1
c66d6910e60c35357de3bc730b3fb1868d791975

SHA256
81d572b3dbd24ce4d3c75de2aa1855955040932d7567c610544830894424a844

SHA512
77ba686aa85c8e8fc1a08a22442ae5a33b80db230c7705c0cd35eb07c52264215a826590d61e2b506e5f0c6c62d5fc50c248184ecbba6b63f2821c0805df9c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
ca78b335f40c630b0490d5319b2738ac

SHA1
2b888b0501ab717aba405519b6e784914bfde80f

SHA256
aa2e5874a7934504ef8a23024c26e933b4533560eaf2bb3d015c20fc89c5299f

SHA512
d867838ead2caf6aa1aff15abe52db8aeeb25807a4d2e1b1f584e2508f99b23a04b85258c5339b908e1fa07b49d81ec46479b7ea22c6821fd704a6f18951cf34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
ae27d631fad6f2198792010a51af824a

SHA1
143d22c4316adf01ec583ea06fa91e15f0f3f530

SHA256
cacf62d36b6750cc6a4023d804464e847327288187f2014d1bdcd9b9e811462e

SHA512
70c3444d8ef0c3f0af2dbcaca124c074ede5f0d3dbadbf2da8ffdb812413f694fb6ec82d1748269eab1707a172c14b85927c7d33095f0ccc2321f7371078db95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
557b6b3adf05bbaea25fdf2c83cfe61e

SHA1
070802143f001e992a87a76d0838b239417148ab

SHA256
a3ead5fdfcec81b3d1a0f8649734fa81f30ab6baf61411ac7fd0685790ed1674

SHA512
6d018cdc39be2e4b5458f0ae733fd72e14d7fecbd047e6dfe0df95cad2bd54136be5fc7dbd96956753f3d3b2f35110b317f4b23b0dd928e00de7e0a43861d3ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
329KB

MD5
af5ba454081e16aae3cc1ab545942e17

SHA1
3128867cd9a326db2ef759d667079df3626a490e

SHA256
75dc2d612594f67e183216be1ae69bf674d22e0f2e0c5710c43dcb6d5fff47d6

SHA512
1623fb4051ab52f1615aefb4a5a7cb75d8debfb1cf5eded42244fd52f7c7984b33b7c7a8dd5954eabf2b147afbcba8a6bd133c744e019db638de592b62296fec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
10777bad2a4794d8e08ec7a5a8cf942d

SHA1
b00773c16f4f8bf3cc4a0feaa5a691e6da7bf08f

SHA256
f6a762684587de87b2dd4903718e95969965ff39cebe799080178460a91eb5a8

SHA512
6c9fa3d693581a69ca5447829597b8949d12d4798465164f1a323a0f2de6aa513c89df0cd2bcf203b1efc0ea61655cb913eb37efbf4bd2767043e35a416222bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
721b44a779a2bfda9db76f2c91397541

SHA1
4a31a2c60841c92c846328b23242244c5b970a29

SHA256
120326ad18c3aa0069eb22a08be26de38b5b8a06b3d6db21661e3f2c62eff43f

SHA512
3c4319cf052f8c670511289afb8f9fcd3c7e2c571f7f4a753aa4daa2f7b741409f4ded193a988f24d723829be9a5c485e978ffa4b0c3feae2815541ec7817f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b7471.TMP

Filesize
92KB

MD5
9240200f90f2a75bd4530b2d4ee81955

SHA1
5128beec82c8cff414e7f49b694c4e4833693631

SHA256
791018ac5eacff4d1f22bd98ed34ec75f9b8048b2479c90c3143a41dc494b3ea

SHA512
3c22808a6eeec554f90b8f37a351999c8cf102bbad21f03c9e8e721a0f771534cd4a39988af64cbf7dbc663d45a859bbb1cf0acd07b1c297ce11e59da23b34ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VMDT14EN\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFD043E545EFB7A0CA.TMP

Filesize
16KB

MD5
53a2a3a4955c944462f046185045157d

SHA1
43a0b330a840eed58ca0449baf2f1de71a7ff6d3

SHA256
e10181a7b0c8af5807700953ba534e5e33f94297a020a3640e96c3f1c4bcc56c

SHA512
d6e9df7acc5b0d5197215fb97e1c6dfcc06fd50c404dbaafdb300714e4198fdbab4a6bba53556d50011ec2de2febe86c30fe02730ce687bb90d24e4227a09f79

Download Submit
C:\Users\Admin\Downloads\xvideos-STABLE-0.64.apk.crdownload

Filesize
3.8MB

MD5
93098ec609b39e535c26a8149a8162b7

SHA1
217e9a929d68cca7b621d8951a1ed049b843f16b

SHA256
aabe4e1c90e4b87ab586282ada58a58ff9b140f569bb91a1d60e618facb99ead

SHA512
519d1f96bc6e5bd68061a49fa640f90dd4ca6559092f0fdab65981f5fd8a47a6e1684d488da6336ec2fb24062644ad4d3159e79fbb1d5a2c760bd5292c1ee83c

Download Submit
\??\pipe\crashpad_3256_FQBPQGIPXHUJQQWZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1664-57-0x00000241773B0000-0x00000241773B2000-memory.dmp

Filesize
8KB

Download
memory/1664-61-0x00000241773F0000-0x00000241773F2000-memory.dmp

Filesize
8KB

Download
memory/1664-55-0x0000024177390000-0x0000024177392000-memory.dmp

Filesize
8KB

Download
memory/1664-59-0x00000241773D0000-0x00000241773D2000-memory.dmp

Filesize
8KB

Download
memory/1664-63-0x00000241775B0000-0x00000241775B2000-memory.dmp

Filesize
8KB

Download
memory/1664-65-0x00000241775D0000-0x00000241775D2000-memory.dmp

Filesize
8KB

Download
memory/1664-50-0x0000024176700000-0x0000024176800000-memory.dmp

Filesize
1024KB

Download
memory/2452-84-0x00000236C22D0000-0x00000236C22D1000-memory.dmp

Filesize
4KB

Download
memory/2452-126-0x00000236BFCE0000-0x00000236BFCE2000-memory.dmp

Filesize
8KB

Download
memory/2452-129-0x00000236BABE0000-0x00000236BABE1000-memory.dmp

Filesize
4KB

Download
memory/2452-16-0x00000236BBA20000-0x00000236BBA30000-memory.dmp

Filesize
64KB

Download
memory/2452-85-0x00000236C22E0000-0x00000236C22E1000-memory.dmp

Filesize
4KB

Download
memory/2452-133-0x00000236B8FC0000-0x00000236B8FC1000-memory.dmp

Filesize
4KB

Download
memory/2452-35-0x00000236B8FD0000-0x00000236B8FD2000-memory.dmp

Filesize
8KB

Download
memory/2452-0-0x00000236BB920000-0x00000236BB930000-memory.dmp

Filesize
64KB

Download
memory/4492-45-0x0000028EF2600000-0x0000028EF2700000-memory.dmp

Filesize
1024KB

Download