hxxps://github[.]com/Lachine1/xmrig-scripts/raw/main/linux[.]sh

Analysis

max time kernel
2699s
max time network
2700s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
25-06-2024 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Lachine1/xmrig-scripts/raw/main/linux.sh

Score

8^/10

discovery execution persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	unMiner.exe

Executes dropped EXE 7 IoCs

pid	Process
1544	unMiner.2.7.0-beta-mfi.exe
2096	unMiner.exe
316	unMiner.exe
1680	unMiner.exe
2004	unMiner.exe
1816	unMiner.exe
3512	xmrig.exe

Loads dropped DLL 19 IoCs

pid	Process
1544	unMiner.2.7.0-beta-mfi.exe
1544	unMiner.2.7.0-beta-mfi.exe
1544	unMiner.2.7.0-beta-mfi.exe
1544	unMiner.2.7.0-beta-mfi.exe
1544	unMiner.2.7.0-beta-mfi.exe
1544	unMiner.2.7.0-beta-mfi.exe
1544	unMiner.2.7.0-beta-mfi.exe
1544	unMiner.2.7.0-beta-mfi.exe
1544	unMiner.2.7.0-beta-mfi.exe
1544	unMiner.2.7.0-beta-mfi.exe
2096	unMiner.exe
316	unMiner.exe
316	unMiner.exe
316	unMiner.exe
316	unMiner.exe
1680	unMiner.exe
2004	unMiner.exe
1816	unMiner.exe
1816	unMiner.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 11 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 10 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
7008	powershell.exe
1592	powershell.exe
1480	powershell.exe
3920	powershell.exe
6980	powershell.exe
6992	powershell.exe
3352	powershell.exe
4264	powershell.exe
4612	powershell.exe
1124	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	unMiner.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	unMiner.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	unMiner.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	unMiner.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	unMiner.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	unMiner.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	unMiner.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	reg.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
1880	tasklist.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638068110223396"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 32b8aa251fc7da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "639"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url4 = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "538"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomai = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "23"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a90893841cc7da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "12845"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "12933"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "426146292"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f0da486f1cc7da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\unmineable.com\NumberOfSubdo = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe
2164	chrome.exe
2164	chrome.exe
5288	chrome.exe
5288	chrome.exe
1544	unMiner.2.7.0-beta-mfi.exe
1544	unMiner.2.7.0-beta-mfi.exe
1880	tasklist.exe
1880	tasklist.exe
1680	unMiner.exe
1680	unMiner.exe
2004	unMiner.exe
2004	unMiner.exe
4264	powershell.exe
3352	powershell.exe
3352	powershell.exe
4264	powershell.exe
1480	powershell.exe
1480	powershell.exe
4264	powershell.exe
4612	powershell.exe
4612	powershell.exe
1592	powershell.exe
1592	powershell.exe
1124	powershell.exe
1124	powershell.exe
1480	powershell.exe
3920	powershell.exe
3920	powershell.exe
1592	powershell.exe
1124	powershell.exe
3352	powershell.exe
3920	powershell.exe
4612	powershell.exe
4264	powershell.exe
1592	powershell.exe
1480	powershell.exe
3920	powershell.exe
3352	powershell.exe
4612	powershell.exe
1124	powershell.exe
6992	powershell.exe
6992	powershell.exe
7008	powershell.exe
7008	powershell.exe
7008	powershell.exe
6980	powershell.exe
6980	powershell.exe
6992	powershell.exe
6980	powershell.exe
7224	chrome.exe
7224	chrome.exe
7008	powershell.exe
6992	powershell.exe
6980	powershell.exe
1816	unMiner.exe
1816	unMiner.exe
1816	unMiner.exe
1816	unMiner.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1636	osk.exe

Suspicious behavior: MapViewOfSection 16 IoCs

pid	Process
4760	MicrosoftEdgeCP.exe
4760	MicrosoftEdgeCP.exe
4760	MicrosoftEdgeCP.exe
4760	MicrosoftEdgeCP.exe
4760	MicrosoftEdgeCP.exe
4760	MicrosoftEdgeCP.exe
4760	MicrosoftEdgeCP.exe
4760	MicrosoftEdgeCP.exe
4760	MicrosoftEdgeCP.exe
4760	MicrosoftEdgeCP.exe
8020	MicrosoftEdgeCP.exe
8020	MicrosoftEdgeCP.exe
8020	MicrosoftEdgeCP.exe
8020	MicrosoftEdgeCP.exe
8020	MicrosoftEdgeCP.exe
8020	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5056	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5056	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5056	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5056	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2732	MicrosoftEdge.exe
Token: SeDebugPrivilege	2732	MicrosoftEdge.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
5288	chrome.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe
2096	unMiner.exe

Suspicious use of SetWindowsHookEx 58 IoCs

pid	Process
2732	MicrosoftEdge.exe
4760	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
4760	MicrosoftEdgeCP.exe
4364	MicrosoftEdgeCP.exe
4364	MicrosoftEdgeCP.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
5896	DllHost.exe
1636	osk.exe
5896	DllHost.exe
1636	osk.exe
5896	DllHost.exe
1636	osk.exe
5896	DllHost.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1788	MicrosoftEdge.exe
1636	osk.exe
8020	MicrosoftEdgeCP.exe
8020	MicrosoftEdgeCP.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe
1636	osk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 1460	4760	MicrosoftEdgeCP.exe	77
PID 4760 wrote to memory of 1460	4760	MicrosoftEdgeCP.exe	77
PID 4760 wrote to memory of 1460	4760	MicrosoftEdgeCP.exe	77
PID 4760 wrote to memory of 1460	4760	MicrosoftEdgeCP.exe	77
PID 4760 wrote to memory of 1460	4760	MicrosoftEdgeCP.exe	77
PID 4760 wrote to memory of 1460	4760	MicrosoftEdgeCP.exe	77
PID 4760 wrote to memory of 204	4760	MicrosoftEdgeCP.exe	79
PID 4760 wrote to memory of 204	4760	MicrosoftEdgeCP.exe	79
PID 4760 wrote to memory of 204	4760	MicrosoftEdgeCP.exe	79
PID 4760 wrote to memory of 204	4760	MicrosoftEdgeCP.exe	79
PID 4760 wrote to memory of 204	4760	MicrosoftEdgeCP.exe	79
PID 4760 wrote to memory of 204	4760	MicrosoftEdgeCP.exe	79
PID 4760 wrote to memory of 204	4760	MicrosoftEdgeCP.exe	79
PID 4760 wrote to memory of 204	4760	MicrosoftEdgeCP.exe	79
PID 4760 wrote to memory of 204	4760	MicrosoftEdgeCP.exe	79
PID 4760 wrote to memory of 204	4760	MicrosoftEdgeCP.exe	79
PID 4760 wrote to memory of 204	4760	MicrosoftEdgeCP.exe	79
PID 4760 wrote to memory of 204	4760	MicrosoftEdgeCP.exe	79
PID 4760 wrote to memory of 1460	4760	MicrosoftEdgeCP.exe	77
PID 4760 wrote to memory of 1460	4760	MicrosoftEdgeCP.exe	77
PID 4760 wrote to memory of 1460	4760	MicrosoftEdgeCP.exe	77
PID 4760 wrote to memory of 1460	4760	MicrosoftEdgeCP.exe	77
PID 2188 wrote to memory of 4376	2188	chrome.exe	86
PID 2188 wrote to memory of 4376	2188	chrome.exe	86
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 2648	2188	chrome.exe	88
PID 2188 wrote to memory of 4184	2188	chrome.exe	89
PID 2188 wrote to memory of 4184	2188	chrome.exe	89

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://github.com/Lachine1/xmrig-scripts/raw/main/linux.sh"
1⤵
PID:1292

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4044

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4760

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5056

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1460

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4364

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:204

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3988

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffc39f99758,0x7ffc39f99768,0x7ffc39f99778
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:2
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3800 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5116 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:8
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3668 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2992 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2956 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:8
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4988 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=972 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3960 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2400 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5388 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5460 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5464 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5916 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5604 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6276 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6372 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6496 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6516 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6540 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6556 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7180 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7356 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7504 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7060 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6360 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7676 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6704 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7704 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7340 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8480 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8408 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7852 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8580 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8568 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7228 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7240 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6772 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8036 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6156 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7544 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7140 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6912 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6888 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8860 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7712 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8168 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=1068 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=2196 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8376 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=5204 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7800 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=4508 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=7776 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=6036 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=7464 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7844 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=5752 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8884 --field-trial-handle=1788,i,1736673586650924259,12039750279665614372,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5096

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8
1⤵
PID:2152

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc39f99758,0x7ffc39f99768,0x7ffc39f99778
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:2
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4424 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5064 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2956 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3648 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3428 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5332 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5464 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5620 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5776 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5916 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6060 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6212 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6420 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6552 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6560 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6472 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6584 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6480 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7280 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7492 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7684 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5300 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6744 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7516 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7588 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7532 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5212 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5204 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5156 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7380 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7328 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=3048 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5588 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7504 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=3100 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7828 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6292 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=2952 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=2972 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6208 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5084 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7576 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=4632 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5024 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7780 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7828 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6056 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=3144 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6036 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=5592 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7320 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=6304 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=1056 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4416 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7948 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6492 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8136 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8168 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1760,i,16027287859861895003,7539471245539994625,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7224

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:512

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe" -Embedding
1⤵
PID:5760

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5188

C:\Users\Admin\Downloads\unMiner.2.7.0-beta-mfi.exe
"C:\Users\Admin\Downloads\unMiner.2.7.0-beta-mfi.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1544
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq unMiner.exe" | find "unMiner.exe"
  2⤵
  PID:208
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq unMiner.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    PID:1880
- - C:\Windows\SysWOW64\find.exe
    find "unMiner.exe"
    3⤵
    PID:1324

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
- Suspicious use of SetWindowsHookEx
PID:5896

C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe
"C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SendNotifyMessage
PID:2096
- C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe
  "C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe" --type=gpu-process --field-trial-handle=1540,16564752661313014288,14671871918393670727,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1592 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:316
- C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe
  "C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe" --type=utility --field-trial-handle=1540,16564752661313014288,14671871918393670727,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1920 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1680
- C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe
  "C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe" --type=renderer --field-trial-handle=1540,16564752661313014288,14671871918393670727,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=electron.app.unMiner --app-path="C:\Users\Admin\AppData\Local\Programs\unMiner\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\unMiner\resources\app.asar\dist\electron\static\ws.js" --enable-remote-module --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2076 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:3388
  - - C:\Windows\system32\chcp.com
      chcp
      4⤵
      PID:3480
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1592
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3352
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1480
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1124
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4612
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4264
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "reg query "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v FeatureSet"
    3⤵
    PID:6904
  - - C:\Windows\system32\reg.exe
      reg query "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v FeatureSet
      4⤵
      Checks processor information in registry
      PID:6960
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:6980
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:6992
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:7008
- - C:\Users\Admin\AppData\Local\Programs\unMiner\resources\miners\win32\xmrig-6.21.3\xmrig.exe
    C:\Users\Admin\AppData\Local\Programs\unMiner\resources\miners\win32\xmrig-6.21.3\xmrig.exe -o stratum+tcp://rx.unmineable.com:3333 -k -u USDT:TScmMemZier9zmbgmik395DreowgQT8o9v.unmineable_miner_siyzkkes --no-color --http-port=60070 -a rx
    3⤵
    - Executes dropped EXE
    PID:3512
- C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe
  "C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe" --type=gpu-process --field-trial-handle=1540,16564752661313014288,14671871918393670727,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAEAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=2336 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1816

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:7272

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:8020

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:7800

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:360

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:8060

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
PID:5492

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
b9b9f42ce6d2b20bf169d05480d239d4

SHA1
32b094cc2ff79f07fcd68d585846b919bc350e4d

SHA256
4d16bb8c9a34d4de9d39bb5f0e87095617b5ad551112db17b38b6cb752fbdae4

SHA512
36b45c544439c6b1fab4c2fa58712475a65ad467e3da61086c4a953d6587d35f5c6ae7de740863295ae0d3534cbf67d0bed6843d95b6786b50431bfeebcf1010

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
8f4bd73bba60460cff3e171b94cbd2e1

SHA1
b6dde9bc6ab2a851139b518b24fc163a865094c3

SHA256
77664f097a6b2a7176017ad346bd5304defd7380b0a78a7eac9c0c1a3ea16f55

SHA512
a05145420a2959573409bc205fa8083861c45a00984ddbb8fd831d712756c36b073f0b54541d3f786b1a4dea6ba4d4798301f22c0df6639bd8b299683982f529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c86640aaa33658aa24db5a9e946108b5

SHA1
42a8819c961a6db7e165a84bab0781ef72e71d81

SHA256
bad1ea3662cf7bbc1c20e838088b1b20eb1cdc6060eff54f7513c67a6bfd0717

SHA512
5fea5255ffee9a38d99ff112b0ccadccc5c08458ba90d91655a92bbfdb83d921188bd1952893c934467d211b10e6b9f89ae8b4a5fe1a3db1124641f86897fc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1bb8414b-dcb5-4401-bff8-26070e1ccc44.tmp

Filesize
7KB

MD5
da57d9b6563827437e3b2a3c6fa301a3

SHA1
1f5e6fb0405a5caa00d86819c2680d29b8db5bbf

SHA256
057c1217477db3e20cfaa81b737b11b29005ff02aae899972d24a6cabe5a2f02

SHA512
552a07a91044b08d9a376b67e1c9a90070c06593f1698853e4d903bc6d0146722ef22f74fe2b90788d17c4fa4bdc408bf992c68fd756cf8ae87a64d27e5ed41b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
174KB

MD5
056d8d48d2ac08e9c07910fd031fcafa

SHA1
d2438c5c892c6fdd969e5f03e53b644e05aa10ec

SHA256
997b40d03a2af5c5c174df937bf6391ebab3108e5658786a72ce9eb2dfe317e4

SHA512
957f4ef73a863b44c2f26e95b983393a7f31904b9a1142765b512829080baecbf523bf8bb7b440c5b70e4a4e91fe330b4001bd47c50ec934eed44027670f732c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
71KB

MD5
21dab2772c630855b88d662b6fc16b48

SHA1
823a3626c0b26adb32df45fe235b029ca8e49f94

SHA256
91cdb014ede3aeb6f6829a00b1434417bbbf803570e03f6f05fdf2a77af4cb5f

SHA512
a9c224a40d0fe75f66612470991faf26659e051a4d03eb397529df4cfccc416d62487f7645728c34911dbbc3710ff61ce7754cddca3095ec167effb9bea9702e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
30KB

MD5
65162f996ce398fa95636a0793ade83b

SHA1
9566ac2aaa5ae50d6255efeec82d974f8598be9a

SHA256
fb9d7136ea2365dd3f8ed4a35a71327a5bed5a7a7959f6b9dfb0c38414da32da

SHA512
8fd7858e81b88a9e60f00a3c70ccd7534da524c124a88f3fdc47570a59b87a2592434aa27a451a7dee6cf2160d61af24bbd214c35f49104dd5f5754996dd69f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000af

Filesize
137KB

MD5
4abaab8e7de1b432de604b80bb1ed6d9

SHA1
b2b6af238b1a5447d6a1298fd5437331ca53a9ab

SHA256
f1bca05f29b170f9ac7ead7d29850d5b54a2878596ece51edf5947f529f2dd18

SHA512
72ed23003c13bdca7cec70becde014e5654fea43b9776e1c013733bc94084e94698fbdc982f5507ec16b03dafba50c26d2e5bd1c9f4efc808d27d75a835b5241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b2

Filesize
250KB

MD5
9a23e02c51224896115a872ee5f62800

SHA1
447ac79a43947ca2519a6a9e4d63333c81156c06

SHA256
f6acbc67934394aa13122f6cb281e96a0765dca464725108b63b046da126831b

SHA512
9d1e4546a4ced1959212bd1c0f0f8f8a09e6d69b85db5d9cd0172c614745c46143b269ac9a47253fadccfd5834f2db03d35398db16419607b4e749fbd8938321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b6

Filesize
142KB

MD5
25851d979c841f8b89dbe3218c12160b

SHA1
6ff9133123dd5d855642ece0a5600941dc1e2a21

SHA256
8bfd4f08f5e3b456ba52571c86a9f18e889dc2d337752c1cb442c0087cdc79c0

SHA512
a58580a81a3a35004d742309c8f44edf84d5d55b14be1d91378da68196d5f599f1e137f20da6c051013037ef8175121df8f2c26d5b8cdefcb57385bbb47a55ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b9

Filesize
76KB

MD5
780da1b5b535dbaac26fac4b4b016d90

SHA1
2105ccd0677faa41b50b8b37fefb10fee2df18b6

SHA256
a81b5d63b6122abca07088a5edb93b7561798a662c583a0c66f42e9561af6d30

SHA512
7a04f6dc150ad2b18015ad501118b16d89cec92f15952f8e414ddd721d100394dc5350f4d8f4dccf803c2612267eb869e3eae8fecf947f4f9c6def6a443b4cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bc

Filesize
107KB

MD5
27df62a07c2e93c196302ba0931c5001

SHA1
7dea0ac816114d98cf272e062014ed4a12b755ff

SHA256
88c157bfb97579e9d15e4d9397bf0db75b96ea526567a2b42583b3da18003db6

SHA512
013587fdc8a40bae312134eccf9883fc10d1c626d0befa6bbfbfb8b6f93345bb769858946d6994df9eea8e5dec0c39aa33db36058cc2d0c38e69b32076bcfe41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bd

Filesize
23KB

MD5
984850a72d69f48adee0195c308c81fe

SHA1
816f7155f2ca133c1d3ad7083766731326920e30

SHA256
7f1a72a83330106b371210cff5640db8038b6a9246b3488ecb111f26835d050a

SHA512
fd9b9c36fc9073ad747170433922f989f2e2206971ad2a376f9c10c1bae5743fc04cae76a4eed8cd1466ded8f207a8828e9dcae43377c63cf7988a393066dec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c0

Filesize
27KB

MD5
7820201f0db0c706a0ea5bb7ce018ef2

SHA1
6d116650afbb3b25bfd6226c7d5ee00dd1fe4515

SHA256
04f262a5cce0399379de17e5635f1e1acaf4371afe981edaaf792625a682c44a

SHA512
bfecb88d8852c413525e1e1bdb3eb69c97a10e4ff67ae3ca5eb97fff5a2ee369a1b80a0d314440a375d0f9e950e0e970a6de6afed09062d8523ca28ac878946f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d3

Filesize
16KB

MD5
49295de6ccd23cf80b6418a2d209868f

SHA1
42a955b4560bb22cb9b5b39577f7a691ea345018

SHA256
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa

SHA512
2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000109

Filesize
98KB

MD5
0d5a212d8c2029a60cce8178d6437482

SHA1
b8335dab89c63fc4526a2c1225528a0190205366

SHA256
8359279a768d7f7b0b9590d3a4754e33c2a3816163a40b58f6d4ce6bcaac2b5b

SHA512
d32935dbb809586cd01f7cdc3887fc003cf9801747f6ecd59d31b4a377cbb05687db29e6f73982765a3ca41ca5d37aa926b103e85f24fd60a4063851dffa9254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\920445ca75376f6a_0

Filesize
229B

MD5
fe77b78e8636ac1644505e600025ab6e

SHA1
78bbcf9a426c9edb149731adb21bf110a25e71a9

SHA256
06f38be3a9da5b5ffd2845f44d6d04d2e9e49ffd639b2cd6bdfb1712644cb28a

SHA512
53c7a281cac2a7a5885f4caff7029001164eb8c7300ddd2b791ba7d5a16448a0b86ab1b461e28fe9a60fbf563041fd71ac066cced7672808c11b5799cdd2b9fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b08f5ef5f0e01c45405aed221df51990

SHA1
e8aebc139d6901ff0833b5fbbbaf36580c608ad2

SHA256
68b08024bf79c718da6eb66abc1d0a81eb955b67d0e4982b92376958c5096729

SHA512
d5fb404ca6262d67cdbd76ecbed24ee706cebdeeaf76d240f4717afdf23658401606b1fdc42f8daec32ab3fd4f45daf8523d22b746da676b6d57a27671d78eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
285cafcac6f880507753c4b23a1abb5b

SHA1
696f12cc31e268efddf5ec35692ec8b5fc162847

SHA256
c777bd970895309fb74e7f74187a8008c16af5cf20bf1ac688e0a1f21a45e989

SHA512
402f48827ab866625731774c830d40bc3364ca46a37d0095add88e228ffecff20cef61626f90c0b64100d9c84bf02264b70c77c6c2fe14ee1f9adf3b2e1de1b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
d7f44b7cc235f03dd6fd613369387b8f

SHA1
a178739c563ef08f669333d714ef111c80c07505

SHA256
7aa96f5134b8faace7970bab3fa5c6f6e6e78c57b1e08f1fadf9dc7554f71519

SHA512
4389f6ee826fd779d61eeb15fa425199493efd85c6f10914f77f66204c7cff2bf557dbf631b498ccba9c5d9097107c17179c635eacc96630a628d5c6443458ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
200d022f768ccb13f282f1ad0e8c6ff8

SHA1
91c69225767c2a1ed2aa00e1e8a5941b673249fd

SHA256
eb2e9756d07ab6defa2571a4784272b051c83ade7d9b085446d8d2d11ad9a787

SHA512
9f1ebe7543a9e4dbc5a9d0dd50ceb95efa5d82a5d86ccaf9efa31208f899c584311f0e19032c71fc66f240a95398e6496c63f678020326c2ab008b18f5f9d4cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
b41a72bb211433483965ae85b5228edf

SHA1
baf1fc7f165e5c15fb2ea5a80391cb2f4c3e38c3

SHA256
1d84022c748215b04f567ee07fc1b65021cca88fc89682c52016183701e46d46

SHA512
f73340814d19b242ed9956a3985cf3b74b7b3f044c42230dcf2592ac18dd2c89c2b9c8e6e6baa61872b95365855cb1f05dbbf469f09e59ba88883c156367c6f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
28KB

MD5
69c12add26d09f57e05cea5fdae8f474

SHA1
bebd55e393d7e930986ee69984da057f251468f4

SHA256
b7f03404e01fc23a8af8b6cfbd1b01e2ee8a44991fae929ac809ac7dbc0f5717

SHA512
5e64c43d84ed34f0cc462e4963228e8d6264d2c7681aa20d43b4fdcf7167909a75bd50826c48ac5ca7f47c61c245e5b1e981ec96b79ed0307cd1bca925677957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c1975aa49c1b1b2b96970146f4c676ea

SHA1
167f542fce90d66aa6e3165e8141411a6e644c7a

SHA256
9fddb48ec9c2f143908fc90a3d50faf4060cc1ed6609971c54853e58e4db2960

SHA512
b7d5095992186ede0911edc891dd59f4bdf5f43a3bef9d983dc86fe79f8ac93037937510b115d9341011f0c21d7e8619b13c073e6c8a4139b937f6e199827d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
73c2c3b3e252f454e3a1a5095fd4dfd1

SHA1
2d5a8319596b8a90e15cfd36d3e1767a979bb5b7

SHA256
862efbe361d50015e45f721b5ef6426af089600abb5cdea3db1c5489253eca6e

SHA512
2a2404307f6c71b290a90f6c9b6912af0ed8017a1ef26a2ad8a94da8b70f4ddb7514a7d328de6cb82bb0f3bd16336e3d2552da917ab8a44c32a5f2e3e68de3ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
26KB

MD5
6c98c5b7161157096f52d9027617d153

SHA1
91ffe4619e64e0089a24709fb515d14edae2b68f

SHA256
1962567adb1a1325f1a3d217536c8814324d17b6c972519a0921cdf497213151

SHA512
f958bc747f4ac033c3a0ddde854e617e7ffb70e0c01ab11e6ffc95846a2d5563a5ecad54b64b7f4bc035307c044120a87d47f75f75bd6b4df7cb467284c00aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d9a427647546d8e6f92a3b46cefec741

SHA1
33813deef6c277e51a30e2a29a5638b9fc10f60f

SHA256
e133b3f011d3881980eac2836f4919a129809720d9121d4282be11115180ffe6

SHA512
f119e57d08308686a4735a00d94834b3fc6048599fd372413ac3fdccd5307b859ed495e5b90a44721aedebc77df1c528bdf6f285011f9376520c405b25f26ed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
533B

MD5
58ab643876713436318fdf9ee189d62f

SHA1
f48b3b6204572d9cac08455d369bfbadb4954a58

SHA256
1127acbea4704fc84240dc0607f1e102d42f3c52106b141431b8ffdff66cb6e8

SHA512
765ac4d72b4b52aa8c347e764ffaa64eebc372a2897bcdf4d300721d862490d0364a3084655483fd5d7b8ca762ca61154b57dfd6a4c9206bcd20325a59ca48f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
533B

MD5
d6ffbe34de8b32033388109a015c38a6

SHA1
94c25d86f2c94ce0c255c2e6418396774f665171

SHA256
0425f5b7c23ce48426e6301866e4239c3bd8d37f485cfb52079080349591a6cd

SHA512
ec920d27cd2462254817ecaffe44ab0e3ff189301c37302f0e287e3c9db847c410aa25a9251841cd04f2e85237f70e23c49df4d25bd5d26e4d82bc4cfce8107d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
a518d210c534947f8ee213192e10747e

SHA1
86832aa1e96586482689b22c2bf75f1b9d12db2e

SHA256
9572a079006f3b068470e6c20a36e6f91850c4c92d0609f4802fef9680484271

SHA512
f324f4f9ec5f13efe5c06cd40e7ed187fe7d3808b52d371cd4143e1365d6bf8be363f070429bc10feb7b307bc6c98af1063dddeb1ee035c591c8e09e58d5abb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
b2d1f2f76fc90f12198ec09ba26fc345

SHA1
11150c913a60116f14585ad7688574d786402197

SHA256
237a44eea902c4c8de1bd12ca4c19687d93140a8a4b9f8b81f6a698cf636b402

SHA512
06539f5189fbe10ad752119ffce5aa33b45328dda30359e80c7324b2121b67ef00c10139eb34a5f87ba0b551907c4d6a05c9b6244844d8ef1f88034aa6811e5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
2e8d046ce6c008078601f2ea371d3e1e

SHA1
392c12526c2366b06ced5b8ad10d9008cef6f3f1

SHA256
e1bc1515e6812e878c37a8d91838d67fdb451c60128d56ab87747d96bce1bee2

SHA512
09dc50057b292a8c5f670e9093bd30611e6beab372882dccb68f7ef4413842ccdff215b0d0e8bcee14de2027166e6cdb17c6fc640f561549ed3397a3e117b584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
ee10b6a0406e2536d056269357dc8043

SHA1
427c54987b8fdb200598842c96b3cfc47d9d492f

SHA256
402e6e33f7181aaf0f817f18f1430bc54cfee779dd92c79114f2fdcc705b51d7

SHA512
3d054c20859b438c37975ad98d5d5c0d792bf53212a75d432783a30d3847db1f648980fa035ef6943637c0d3c3e5d1ae20da1e690f573168d19fc4d1ab5ca20c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5ebf69027d7a6df27dabdee68db94c2c

SHA1
9fbe4d7b4a91eba01ccbc5052500bed8921304bc

SHA256
19bed9b1960582ebe7de77c6a651933bc9930b4a6f90858a3ef91a4dcf9f0b8e

SHA512
5e14655d4cada567ed039dc9918fddb0fe66dfd04bb485e14d9b66056eb05bfd1263c5bd15de8a407c749275ea0afc7cd32a5db57ec1893c7bc836c03c97d93c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
09d0bcac102cac10b26c636f77d07d13

SHA1
eab5fb19e99093fed37b1bb134e88ace7a164444

SHA256
e0b02e25f391fa6634341f6277faf8d7e74616ad4ae090ab93168d444a023c95

SHA512
2dcf2114d74dc4d0b22d18d0b2c2f718dd0550212036a9be8bcd7774bb43b3102f3d0e5d67a9ed4e5806d0519f17d0e2cabcb242550a874ca62d4545cc265e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
5b37469d73fc8e49a17c8ab7b6e7f6af

SHA1
b1cbdddd8ae3cfe83f892966fb509f2418b3007f

SHA256
d5f381bacd3fe0db753f1fa221991241d8137b06609af44e07f91c439ba8bbf5

SHA512
a96ec720635c79140df37edfc837b8eef754ef69ea26a5655197d569f9d81a66eb09673ea0c70f3599796d83ae2a27441fe1122f738b09d86d8388c601f58969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4b6ce9a76a3c298ff54da7828159380a

SHA1
d5e5034de6c383451e3e8c27ef4d38954a127388

SHA256
0950ddf0590177cce8e52e0a853bab11ae14002c48adf41e7964eb36568b3b8c

SHA512
36c6b50a27a3aaa20df6531da87d72aef784822e975c42726d25f85b9d7192152f20f1300e4d53b0d58d13e60a59c858a851b89d4d0618c7a86c27999771b986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
eaadf89dbbbfcb7aa9f8435e9e1d8d78

SHA1
0059511e29fec1cb7fc65b282fc0b0c1dd30d801

SHA256
108656fb54e912b6331a7f1535b99f95db98aa84d2f7d9f07be036dd8accbadd

SHA512
504acd2f500be9a3067a7f052fe0636e23c463ef06e5a413cb9bb69d27783ad3fb7eac8f7d85085ae99d9e0d88187f533aa9c5c4d927acd834710cc69a3e3ac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e1efab5d1c92e31425bd6af90c04fd1b

SHA1
0b3ff3c6cbac2f759cc8fd0253e814e849e0e39d

SHA256
8dad8cfa5e434f5bcd3466fa7387c9ca1caa8d73253a2eaba23be4d86e977706

SHA512
2bb2e1f1f91fe117570035dcc9e4b5f3bb57ee4844f48b297edee6948934fa7da45f83c8e9bbfdcaed20eeee0d144755287c99dfd6b5a3c6b4136c3d1acf3acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
70db530f843d45989b2e4ae9f3762556

SHA1
310b44fe80023ab7d7ba3aa6823ae82168fa9f71

SHA256
761b24ffe79636d9cb6afd794d2f7d1aacd02f9d2b68728a90ac4d4cc1f58f9d

SHA512
d10ff2283d7190d34141fe2b997b8331a80bf2effb73f4dd2d1e45fc1bea482bffe5c17e97a545f144522c56d85705db405d15249fe5036f00380888ff409f26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6d6f85d7e7327fda2e06a0c2a85d13a1

SHA1
3b093adb3b15e39e495d3a298c4696f5a84d3a99

SHA256
420eb6c56a9f5fd44be28e7ace06468a7b53620221b4aa690b84de30f08cdb04

SHA512
cfcb067781d3deb597346e7229160b564776d3aa44c7bd2cdd93cac1df446ba25b4f4e800621769ad383e77eb417c33653c92ae6f30f2271f9aec018ddadae3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
428187208abe12a45057d9e9f20fba79

SHA1
846c3e17e224d7fc6fc6200f9d89f57748e00123

SHA256
c5338d169a6ace534b6c60e7f7c522fb64438be4c4e4926af6ca98a17ca9a93d

SHA512
7f1bb4592eda2a5e8bb1dc5e522288bcc86dd2191e07c6bb96d4c67990a91e526c110fe7f2408c5e32672e46c0bd7cd687976e8a01e5231b82c4e3fc529257bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1c5ae00803a1226975885dff31cad7ce

SHA1
f1d376e15895488452215a1596ba74d9592f1824

SHA256
e5de67455d2292cdf6546502556acd112b0753be8e531b5da545c75d91f5cb99

SHA512
52fb0b4a21ddc87ca000bff40195199fce657920310340aa85c80017fe95e1199929a11f79656e0ca2776c6c2a89042012b146237a05aef9335c38b6f5e55d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
165b56b337cec86840af68086b9b3bc3

SHA1
f95ba4d71976b27a38d98ae32c5b11265a457c9d

SHA256
2a27b4d6c5be40c33e12e25c5984afd0b8b0a6c1e1d032cd91c5db978d7815fd

SHA512
4a39c5021921edafc108f56f1a5d3fffa18896ed6e6eae24e38c5e584c9748ddc2ff440b997589cf3ee71ca156c8bfff7b8da085e6a84408ce8debaabeaa679a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e88da8325f4bd33a9135240eb641cbd6

SHA1
2f14628ddd898875e7126d81a09c63ae13797cf3

SHA256
d8e0a68d6cfd4f455310fe962de955c0cb7d2d1eaaad4ada489b9885548210e3

SHA512
faa4d854c3eec66ecfca5c9ec9538f8a0c00ece265ed48803beb7515ef2b8e65f6a9ff2763f9b6e9a733848222531234d35a2a8942b1ff7467227774524bcb4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c4e945c7172d0da5a3ca57d07738dce0

SHA1
8a5a0bb7a9f75b33bde252a5b75b2c46f26ae80b

SHA256
74f95578a377508363e9b67af4be9816f0f5783f27ac14f1230b03794211d766

SHA512
ab4d5e6084bfa468e2ad446e9f12b35cf197e11a7a57253d5dbfa614e475421a49e3c513e0c40302634f0127c67da6db185fe4976b58b533118782c78e22d9b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6e8a04886c3649de160c22f40689ac4d

SHA1
6e7a07e6b1e8fc10b6bcdb0513fc0a94c2e400c1

SHA256
ce623a80b1fa2e84d292e993b68ff8cba1c30e32239b364d7d9d4a286e320dba

SHA512
9e87129bd5a2c2b1f407f0116952b967adf546e19676294226221241fe34d8f4d2a6fc3ea52320c628fce5332bbaee9d76d014946dceb3ad9b65b2d3a6a3ce1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
38f952ccc76de698509b3a03e8faaaf4

SHA1
5a09a76faaa8e7f7d68988f6c07c2ee7416079b1

SHA256
b77518ef15be2452a9ded1e0f61a382568826e7c5a37c05b26d284929c119a9a

SHA512
53ecfb24162c6c845c50a46e12bd4c996ebafa7ea1c457764f3e5856bc09206eaae36b0bc2081a9d62449b55cb804faf4ecf0d267ea6668459045271599d82f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bf2d4f1fa3151b6626b447f5fcb476ca

SHA1
ace292115049ae526f582d4dcc7f92917538faf3

SHA256
472f7f81b921d29ab7a057cfceff7234211a77c49a21d9cdacf2b5a4936009c1

SHA512
93351c416271ea05f55052c980b484f249ffe6c2187fc2ebe124b0cd9a92b815c1cda0ae6c2bd27d0dac7a030c870e7f0e9855f4081fa64bc329063f171b70ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5ad4f828fc1552a4528e820b462b412b

SHA1
fc92a26a5402c2695f6773cc22ad88f757bae712

SHA256
05bb3a0429d10603fb08c525e3b68b2d4d70fdae6130e9e74885c38903af89b6

SHA512
961faa5104bebd5c789a37835ec2059a267c2b4864837662b053929f7d36744b3f56d3a947b0448063484438bc99954324c3937d38e57a2084de548ebc7bede8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
763cda70061cbaf9da5341d59d27f66b

SHA1
801922b3f3121d540c06c1da520bac7571384ec6

SHA256
48a48310fef9eeec89123ddff045651858025fde98c1f1839044393ae7f9f3b2

SHA512
fe485df755c9a5764fdd9dd03eac666d037eae79b12ac31900c949a226bf86b911bb11a385a11c0b6933de587b095824c369cfadf30b368f386aa6506a741144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
aba231278475eaba003d9095f9590ffa

SHA1
15185ddd93d205db07592bcd9fafc818f935e245

SHA256
f469b2a5e6163e2da4959c1a7aca678e86eee772c6ff9d7dcc7e04141b8b0f57

SHA512
5fac0593d000c46d55022b48c2d7de39f905e77c501314b939deac48fc3effd74ad0e050221a7757bf8abf7b7c6d723350c37ecc7146718825afc746a5fd1780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe62c638.TMP

Filesize
120B

MD5
5139a79f76a741fd4871856ebc30da7b

SHA1
bdfe70468004d8a4e436d0867598cb7f822302a1

SHA256
e7aa499429acc82d8f114b339658d13091c3dd9b48dc427d9f24cd279d885e5e

SHA512
3ee11e667adec22c9b939d413c185fe0391a6f6bf3bbcf235feb78a537ca2828da3e5326d808e493b32ac5145f40a98cbf7acc4c41260d79d5d135cb94a1a79a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
289KB

MD5
1629188aa211e97a41a66321f613beb2

SHA1
f6c7389a2caa4d3e84fc565288940d3caeb1ffa3

SHA256
d08792392a5d5b2c772040af92edf406eebb6d2358f3e114e7f7383a26b15a46

SHA512
5806279f111a4c1b6d8f5e212b6c27e1f745eebe0aef65a4b08e3c2d593fb81d0d35e2e3180194bf02665dfe3ed8db9cab25805dd94d76e9151e6f745abf86f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
dc394c4cc804ea557fd48d1dc608a369

SHA1
b7345d69fad9124931a402b50f1afeccad1004b9

SHA256
3f4842a69a7bf4435233ab44aa7ce558c13b1d58df37364d6baf235745dcfc8f

SHA512
814133f0752d7af2268c468b8b1ff51af8e197ff3adcdbb5e4d1040b618f2d04cd9c6b3ffc0b3f1c9c97c946c381deb7f5e86a95968e694c9b8b02771cc20250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
289KB

MD5
dcdf5e5f0d7b732710056a5f7df3d9c4

SHA1
fd7f1796c95b69bd9df12a519b2a864aee4297e7

SHA256
1d1fd64559dd0428893014e43ca29e0a033142b80cdfbd451787093f80819394

SHA512
e4c90a8d37f038ea1101e737754c6f8680642b7bf1fbb9d89ec7b6133550b4c3eef6e7036e079df291538664115b0fa6e249ae7bfb2d0c581dd4593945d294c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
47352f4814ecfef07d3381afc2f27afc

SHA1
549ae39dbb152ac11282a2503649c0031529eb8f

SHA256
2071bb24549268ed8f106da7392caafa0de9783e298ed67fbf37b517de55db79

SHA512
4278ed034f34c8ee06129876f22628021267ed48a5dbd07f5ce8634128474b376f8a407382e869c31364f3cbe27d5529213122421ad19ab308a9cf44f8bf0e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
1ad94d9b6a1beeaec1239cd0f7f8d787

SHA1
e8ffca648721cfc88e6736f857f0e7389c4bb4ed

SHA256
dba1ce477238a370196d5a7f986c19d90a1b79c79c204df745a04606b7773eb3

SHA512
af4c9b84ea414011b2f45f9083e1e34caca04bb34bd49a8a19f79cf5eb087fa78ff4a8202047eb1dc79e2498b67526023168f1a7b157a26b457c4740a3741205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
66c06799c3b33c11f02806b03c34579b

SHA1
eab33161dbeb7d7e1a3a786739540ea5781b902b

SHA256
bf3769f477255543c0abb4f93b0cdc28761acb1eb5a06cb11940ce7fe31aecae

SHA512
62a022960863f88c2fce93110b6d7432713c048e0f19e7ffacb96fe210b110e706f9d527a3f13483aa99b57fab844a3829fde66a6fe6a6ba21bb5e6d31d26eed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
8860f2534ff89eea7e702c4edb4737c5

SHA1
4bec386bfb2d9b6a1f4abcbcb293bfc97cc781a8

SHA256
288aca85fafb62f2ac3245e70d7a628fb0dd6298a2e3101bde0d6a44dd438fe7

SHA512
42df361f929abdb9bf58ee0aa8ef1957dab7ac25a18109905a7483db725bd8d14faed1f920686cd3eb48353cdbe237258a9469ff667029ab965a2462acccf4cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
afb37d456afcf28f5bd27db4d2f64253

SHA1
d2f4a667ca0f23c971086bce8cd829afccdb08b2

SHA256
59b233fabc3edcc3e28c4218b0bafc1a6a47c1984e2fdeb673d66c546cec4f83

SHA512
dfad103882fcaab2c7e51948fd2589548ab2ae6b4dcbf36b6c976910e97ecceee50cbc3cd8054b8e3395d0e9f1652c52213230e07332976f0e3e2c3dda9c507f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
2c774d0c5b076c9abe4a1cde88c1fb90

SHA1
bf629641195970e697d0cb1cd2d053a0f8752a2b

SHA256
680746d34814aed85a9cfefe578bd29263a1d016b968e352a28d4ca53d4dfea1

SHA512
d9ac0a7f046f45ef2917db475cf842d6217e1cc4a4c147811677caba70977d49eb6bb9917341acd865ea82a958ecc68366ae51b9f7dda5a6b7a8adc67ca8c3d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5f0a0b.TMP

Filesize
93KB

MD5
b539028c6aa1c76e57f5e251b8d436b5

SHA1
6269474231edf577e329a4e053f6ef400fde0e1a

SHA256
c8681064f7f84ff6dba5e0017b9654e0858cf542d63a588d84af5a1bffefd254

SHA512
a95e2c3645a4459d219d6c028be7c6de2b357ce6d64909073af28561b73e377f2bbdc364b6cc5242b5727369518ddab1add8de4a8d53ce54fced0bede2024bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\WJHVSVAS\www.msn[1].xml

Filesize
485B

MD5
0fc058f42397d6e19ea624d84273136e

SHA1
a2e80a0591323b8776e1cb2a0714ce4c8de957f0

SHA256
9f5ccf4684a81614a65e567bc23a6d7d458b07fd1dc93b936ac1d6cd9393dda0

SHA512
f1dcb52ceaeea100fcdb9dc9efd8507b77b2c11c244190eb38814caa45aad74eeca82f9b0eddb41c193b07110efb0f21a6f22a3969bdb0155887775900393530

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4J2O6FKV\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\BBAOZ6VC\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\BBAOZ6VC\favicon[2].png

Filesize
21KB

MD5
460001a1a68a498e31aed7388b0c6038

SHA1
12e21e72bf3d3140cc29edbc355c23e68c195a53

SHA256
eab1dbfc5babc3539aa81d65f75b44615db880df2b6edcd7697bc41962fc37b6

SHA512
f6b59fec10391eada4531929b186668625efda980b22f9f53668b096b3dc0d2af756fbc7a129e587608c3bfdeff31ed0ba80757cc977f61fd802c68bb15156f7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OXK6KPY1\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
c5ecb9710801bfd6893101f06f0c96f2

SHA1
a135164c65e7d2d19ae235792b0dd9a120d81786

SHA256
9e5ad646bec2300d6459216937bcbc054d2986931126cef2d89ba37cfff29a3b

SHA512
1e252960735d243fab4ac13e9cde3e0d3d34153ee2e0e31bfea3239a3239d4ad96b1e3281583e625c25a47bab16963f92702e05a528cb237cce143f5ef851479

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF1C8BF48477D76BFC.TMP

Filesize
28KB

MD5
7b4441240be65036964b369a61a8072d

SHA1
c4847468825fe31e2d3ae32380cfeefe95eb1547

SHA256
af148ec48156c962848448d56f4e9f3fbdb4e856cad1e91a425e48743b23245e

SHA512
5709e11f06d3d206487e3964b5fe94da70c020c6ad7eacc83d7f56f0c5dfd71aecc92e5860db3a189b676f2340b3344e234585d2d7ede43c9c7abaab61a65b08

Download Submit
C:\Users\Admin\AppData\Local\Temp\4c0fd5f3-1cab-4723-a181-c2da875e2580.tmp.ico

Filesize
4KB

MD5
c77d51e37440c8152eaecfa7414279ec

SHA1
b2a96c470db78a5db21074e53d32f8a22c8d70cd

SHA256
8efd9f928ec28f7a101b246bbd5370af0a493451c2618ddeebf4e8aa787267d8

SHA512
a381347ccc977294c5f47743bc95fe6c834639df2eb879acf009b27eb6fbffe648bc717b078c93bd96470a73ac37464743221e9e879118860492cafd74515743

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_21qhsadz.shl.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse523D.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse523D.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_32B96A940601477099625F98F0AD2ECE.dat

Filesize
940B

MD5
0bd9a8184c1865a89beedc20926cdb15

SHA1
8e9b4b6f508c529341abae8098a49b2ac7aa2a00

SHA256
a0c2862f2a387b988a939d22a6f110785827c1733b3596f6a896e1bfa539029d

SHA512
b89490a940ca07f4102bcbcf8c1317ca8f5aab198ea563e99aa04af97056671f646e6db905818ff711a40ca2b7443d7e8b93f5fd90149605d5935303de21f56f

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\10f3aa85-1c97-4abb-8424-f1d76e0eb31e.tmp

Filesize
259B

MD5
82b91d25973c52190ac3b0fa496d4d9b

SHA1
e9e4b4b757f23d4d5629e28a49dd9e2d3c2dbd14

SHA256
a44e5f17fa99010c3e54beaee7baf24cf2f244bae7985202b96aef70ddad932b

SHA512
1b4660940fabcff1e1bafa426311c2db406103d2fc1b86248544011b4aa55074e6866bd4623957dd26762317cc0a457895fbca107d6f824018fd5a12c7d5c923

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\46515ad7-3bed-41c2-8452-bb377ff71fe1.tmp

Filesize
419B

MD5
97fbad61055997e140fd08f9a1c1c0bb

SHA1
c96e3309985d2e19f6d512b177a9fc648deb1fa4

SHA256
5d2b787124fe8df2168c63ef4376e551f70e3d3ea5b6bb9dbad6825a5ff2c3f6

SHA512
91ef7492f0225ceffcd5095b776bc47197210a5d6d00f29b2ca36ccf48b169050a9bb0755f13f243a859ca6c1986a8c2f70cc17911d8c6ba072b65f51f73b5a9

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\5d316ee9-cb37-43a2-92ca-ab859e7c3614.tmp

Filesize
419B

MD5
e78e027cc407b0c31a89537556514daa

SHA1
e6e382119d718822b86d9b160ea9da688e81677e

SHA256
f8574310a4ee32cde77192ee912a3100c94c4e3f552db0d7bb8808fe1123ace2

SHA512
1b5d7a0d2dbfc1b067c99f46ffdf151ae2e5246619f544bfd39b7213b968211e6531882c5b2b9a97792f980c778ba8ed72a12168eb6827742c78dbc74d633581

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\Network Persistent State~RFe649106.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\TransportSecurity~RFe63dc6b.TMP

Filesize
419B

MD5
5cf4f2fcd662adf8c3be47531611457c

SHA1
44ab2b55cf2fe23947a48ee4d8c6c09c181d9d40

SHA256
0f6073dfaa541346ed1cf621e80255f8b96e67b77aa1ac2b5d886dea572d0238

SHA512
07f0f59af1652aba515bcb11fc11f918be4e3180ac30113fbcd47ecef1165e22cf50079dd98649775da60d23599aadadb27b4a287eb3e8142527d8d5a58ed6ac

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\b69f90e2-7098-425a-972d-192b140f920b.tmp

Filesize
419B

MD5
ba7f41c7382a0daaa0096226346acda6

SHA1
76da351294ef8b55de6b44a2089c65d39f866001

SHA256
7ce7555ead24e165b2ceb204515704a2c96b9149649c3cdf8a44282e4b5a8bc2

SHA512
5b811b960c8254a1a9662d945f0a8b420c51a52fffe2b48140e0dcad1cc74b1c5a91596ec21ff87640560aa807f5c30dd1b263201c47e6799991f47176038714

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\d5ca4e8b-c65b-4405-922e-9cca59e0d3a0.tmp

Filesize
335B

MD5
d247da13f1a4ef7e43a5f7302579b6f6

SHA1
38ee9c6e8b1fd50024deee6d7844c0bc70098106

SHA256
0a89562abe5b23670f588fd09518ae5d384ffc43f742a0ae789cdef23ddf0a25

SHA512
8af73dcc87914963799647136c72285279fe5aa689914d0669739dad107cb441f57c972534a6a015fe3369fd7ec915f870cd1d23d558e17fcb65dd74d0f72f2e

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\settings.json

Filesize
293B

MD5
9aeac5c8d64f519dd008dda7ae3226a8

SHA1
e590d73941c5beccef2cf50ce1eb0bdf2bef2dba

SHA256
827bb2e4fa6d69e7fc897938aaca8096edba684ebe9263d4c0f257d7846b0212

SHA512
9705442a81459382b5c1d1886f1b8d01aea1596b4db6f132e7da83c5d913167f12e5f8bd43f0de460c3e79bb2cb93714827b0cd822f701e8653f0be3689581c4

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\settings.json

Filesize
339B

MD5
bfd0abc496589508f2a826afcc0ff537

SHA1
a9ccc5043eb23413bafaea6854d5cb9c402bf237

SHA256
1bd63cad66c5154ca6b22dbc047b8fb6f9d603869b40ce876c322917b19f03c1

SHA512
d1212819ec060d022c70ff439f75708d5ee0b409f616bdc824458909a2ce88496202bbf6eeaeddacbfbd689721036ef58ef39a3f9d24b015fc10b6bc2d53a32e

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\settings.json

Filesize
893B

MD5
59f67f6824e53bbadbaf8528e093fbc6

SHA1
6b82feb94ec8ebe20e1e8adc0d93bfef1602fd14

SHA256
e43b13859cbb8a018666380d521d294b1c5b12ac4e5dbe188446f679ba3a1da3

SHA512
780eda0a5c1f1a71215ea7b4f57529ca208f92b3f02a45b99a70e90a4393e546429c2533ecf8bbf0f07b94953cf25d0bf801e579a01d860e8d859b4aafeee670

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\settings.json

Filesize
1KB

MD5
e1a03805314d51b11c49a70f1dd7bad9

SHA1
4b6d2a8d8f2f3e22cb6a7541f6a59a809ce5696d

SHA256
59ea11d76b920e58e5fa2d4a4cefc71af393cfedcd0b8c2f29372bbd8cc499b8

SHA512
48642f16c964e7cd924e3533c25463c9ee6c69bbf3f3de4dfe026458b8867a34c611cc5293cf14a6c6b86471c8600bf4b79aa85ba6969a11727aa7ed82a5292a

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\settings.json

Filesize
1KB

MD5
241c24a95bb45d8ac0f6bda5043c055b

SHA1
8eade28d0325ac5c03d95fec95ef86be5cfe3141

SHA256
2b318a9e0a05801e4a93ed48c1867eae9df08811c279aae851f42a70117b9d0d

SHA512
1a4ea479ddcdfd520334d972c2c9da9223807e2a5bc5c2199c804d603f3a8bf524f25ef9d396c3aadff6bd2c5e35d1142c9ba7ef12404ae32e5c47da2c89f775

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\settings.json

Filesize
1KB

MD5
7ce9d8db8e9cb497fc4d98dc4882481a

SHA1
a066d732db47c8dd06abf7890a639aab5d8331dd

SHA256
b3cc33e391f3b5811da859896976c8d90a98f63460b8a39663d9abb900354a42

SHA512
6c138cd8b541d741cbb8b66b6c7e3a8c9ed365a92ac708fd18c2568026c68d0677472787f348ccf0cee3a1590e9c793eb5ce7f135bb82ae6603b8b8922d40f6c

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\settings.json

Filesize
1KB

MD5
85de660a6b0d9e9c0909cc220cf99c45

SHA1
d26e8c6dc481c8a2d0c3b77bf9b759457ad0abde

SHA256
e7634162643ea0c3b3b098ace41d39d81517177befc57ddcdb98527f059a593d

SHA512
8efc1a40b8d3e3ce24123d3f867089ff70fa9040c187ab516553ac4a452ed4249dd88538ffbefc69482a4b00d4e0fd8da22c14ee1caa297c3c7ccea7c8f0b6f3

Download Submit
memory/204-369-0x000001E323600000-0x000001E323700000-memory.dmp

Filesize
1024KB

Download
memory/204-463-0x000001EB369B0000-0x000001EB369B2000-memory.dmp

Filesize
8KB

Download
memory/204-401-0x000001EB35900000-0x000001EB35A00000-memory.dmp

Filesize
1024KB

Download
memory/204-411-0x000001EB36B40000-0x000001EB36B60000-memory.dmp

Filesize
128KB

Download
memory/204-420-0x000001EB36380000-0x000001EB36382000-memory.dmp

Filesize
8KB

Download
memory/204-422-0x000001EB365C0000-0x000001EB365C2000-memory.dmp

Filesize
8KB

Download
memory/204-424-0x000001EB365E0000-0x000001EB365E2000-memory.dmp

Filesize
8KB

Download
memory/1460-64-0x000002341B470000-0x000002341B472000-memory.dmp

Filesize
8KB

Download
memory/1460-72-0x000002342C000000-0x000002342C002000-memory.dmp

Filesize
8KB

Download
memory/1460-74-0x000002342C020000-0x000002342C022000-memory.dmp

Filesize
8KB

Download
memory/1460-70-0x000002342BE40000-0x000002342BE42000-memory.dmp

Filesize
8KB

Download
memory/1460-68-0x000002341B4F0000-0x000002341B4F2000-memory.dmp

Filesize
8KB

Download
memory/1460-66-0x000002341B4D0000-0x000002341B4D2000-memory.dmp

Filesize
8KB

Download
memory/1592-3570-0x0000020EF1C40000-0x0000020EF1C62000-memory.dmp

Filesize
136KB

Download
memory/1592-3551-0x0000020EF1C40000-0x0000020EF1C6A000-memory.dmp

Filesize
168KB

Download
memory/2732-344-0x000001E608DE0000-0x000001E608DE1000-memory.dmp

Filesize
4KB

Download
memory/2732-345-0x000001E608DF0000-0x000001E608DF1000-memory.dmp

Filesize
4KB

Download
memory/2732-16-0x000001E67FE20000-0x000001E67FE30000-memory.dmp

Filesize
64KB

Download
memory/2732-35-0x000001E604B30000-0x000001E604B32000-memory.dmp

Filesize
8KB

Download
memory/2732-0-0x000001E67FD20000-0x000001E67FD30000-memory.dmp

Filesize
64KB

Download
memory/4264-3098-0x0000028873E60000-0x0000028873E82000-memory.dmp

Filesize
136KB

Download
memory/4264-3140-0x0000028874440000-0x000002887447C000-memory.dmp

Filesize
240KB

Download
memory/4264-3219-0x0000028874500000-0x0000028874576000-memory.dmp

Filesize
472KB

Download
memory/4364-305-0x000001EEDE0E0000-0x000001EEDE100000-memory.dmp

Filesize
128KB

Download
memory/4364-310-0x000001EEDE180000-0x000001EEDE1A0000-memory.dmp

Filesize
128KB

Download
memory/4364-279-0x000001EEDD800000-0x000001EEDD900000-memory.dmp

Filesize
1024KB

Download
memory/4364-276-0x000001EEDCD00000-0x000001EEDCD20000-memory.dmp

Filesize
128KB

Download
memory/4364-198-0x000001EEDCD20000-0x000001EEDCD40000-memory.dmp

Filesize
128KB

Download
memory/4364-192-0x000001EECC6F0000-0x000001EECC7F0000-memory.dmp

Filesize
1024KB

Download
memory/4364-189-0x000001EECB800000-0x000001EECB900000-memory.dmp

Filesize
1024KB

Download
memory/4364-159-0x000001EECBD10000-0x000001EECBD30000-memory.dmp

Filesize
128KB

Download
memory/4364-149-0x000001EECBA20000-0x000001EECBA40000-memory.dmp

Filesize
128KB

Download
memory/5056-45-0x0000017F95380000-0x0000017F95480000-memory.dmp

Filesize
1024KB

Download