38ce15ff72fe07a74ac9e4692fac7c0b964ca3c4f6def07d942fd94ecfd80981

Resubmissions

02-07-2024 23:48

240702-3tl3eawdpf 10

02-07-2024 23:39

02-07-2024 23:36

02-07-2024 06:39

02-07-2024 06:28

02-07-2024 06:22

02-07-2024 06:05

02-07-2024 06:00

Analysis

max time kernel
127s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

piggy.png
Size

1.3MB
MD5

db441b970d8b070324fad09acb7ca77f
SHA1

d71a69ffc7c67b2bc338d809b2a7933d1139638a
SHA256

38ce15ff72fe07a74ac9e4692fac7c0b964ca3c4f6def07d942fd94ecfd80981
SHA512

49b8b422831afec6f9600f9ee03b6ff237abf548ffecb607a38992ae72c6d27820e980e79217c784b13b6df70d56482b26a06f058bb00a326e1564f7fcb1b55d
SSDEEP

24576:bNkiU39wq+8/EV7QXZyP2wWYMmxtJMdhBgf0n1BcFvnbz:bNV09wq+gECnGfJ0Bu0n1OZP

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

unregmp2.exe

description	ioc	process
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644371292510416"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exechrome.exechrome.exe

pid	process
960	msedge.exe
960	msedge.exe
2948	msedge.exe
2948	msedge.exe
1820	identity_helper.exe
1820	identity_helper.exe
2300	chrome.exe
2300	chrome.exe
5688	chrome.exe
5688	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

Processes:

msedge.exechrome.exechrome.exe

pid	process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2300	chrome.exe
2300	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exechrome.exe

description	pid	process
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exechrome.exe

pid	process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2948	msedge.exe
5688	chrome.exe
5688	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exechrome.exe

pid	process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2948 wrote to memory of 1440	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 1440	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 4964	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 960	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 960	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe
PID 2948 wrote to memory of 384	2948	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\piggy.png
1⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7e9046f8,0x7ffe7e904708,0x7ffe7e904718
2⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
2⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
2⤵
PID:384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
2⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
2⤵
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8
2⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
2⤵
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
2⤵
PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
2⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
2⤵
PID:1180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
2⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
2⤵
PID:3248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
2⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
2⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
2⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
2⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
2⤵
PID:1276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13838850426806139568,6169380841606631507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
2⤵
PID:3244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe7ab9ab58,0x7ffe7ab9ab68,0x7ffe7ab9ab78
2⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=2004,i,8069734872742415316,14328800381291336739,131072 /prefetch:2
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=2004,i,8069734872742415316,14328800381291336739,131072 /prefetch:8
2⤵
PID:1180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2300 --field-trial-handle=2004,i,8069734872742415316,14328800381291336739,131072 /prefetch:8
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=2004,i,8069734872742415316,14328800381291336739,131072 /prefetch:1
2⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=2004,i,8069734872742415316,14328800381291336739,131072 /prefetch:1
2⤵
PID:2628

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7ab9ab58,0x7ffe7ab9ab68,0x7ffe7ab9ab78
2⤵
PID:5700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:2
2⤵
PID:5968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:8
2⤵
PID:5980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1956 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:8
2⤵
PID:5988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:6048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:6092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:5200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:8
2⤵
PID:1924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:8
2⤵
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4876 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4944 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3412 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:4976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4820 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:1668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3412 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4360 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:4676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3964 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3396 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:5328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3424 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:5364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3364 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:5420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4264 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:8
2⤵
PID:6068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:8
2⤵
PID:5928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:8
2⤵
PID:6088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3344 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:5240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3360 --field-trial-handle=2372,i,17487372700824529674,2292767190052730627,131072 /prefetch:1
2⤵
PID:5096

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:404

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1812

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
PID:3160

C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
2⤵
PID:4004

C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
2⤵
PID:408

C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
3⤵
- Enumerates connected drives
PID:4696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
89f55681cd116518c116754e0407b2c8

SHA1
f5d4aeb85e94ba181091d6a1ebca93915919c9c6

SHA256
f36101d056932eba1217b54d3ee1c54e0c6c4120087bf1e1e0781625d2be6fc9

SHA512
8db0dc249a77703508e63c8314af4bddcf54ac4f887b26409f743b344b94f9afe762d266cbac8b8097ffb28870d40841c7f64ed60acd087dbc1768db15b1c0cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
cb355d280e122049e4c31c448ff64671

SHA1
29b9030788d36fbdc764aa9597b276bb2aed6293

SHA256
0268a2be6f94fa1244ff4453c572c4d44b89509d443d8bb14f6085371d056653

SHA512
3869ad09c3669885790ac89f2e4579355905b694957b36af0994a998d3c4ab0605e14eda23ba2d72f35fc669adeb780b9246bd75ab6f6e4403e6c76ac45cbd29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
a2138b7a21c8bc6b93f54097abed0d5d

SHA1
25bd051b5201f894f3771a32adf71f000f49654e

SHA256
f57929b3a9f12b8a98e30d5013b14b796cfea1c1fe4eb70651e9f05a2c68d305

SHA512
ef1d0f61ff8f09af67e032c06132b53c85f5d5ec24adc9d5f9b76862718f85f7d52d3c726856e57b58423a00b644f985b3a5eaf983592eef2322de1e2a4f5b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
72ed683032d1085924d76d5b572f8816

SHA1
e33dcabcf129e350021483cb3a48edb8c7e5db6c

SHA256
422ea326a8443a4f913410d76274d7101c836d3598cb4ae17e3377a30b84b1cd

SHA512
12606af4572b5e3594a54c619599ac7177885884f3d1cdf13d59cf141561ce261223c52f3df26dae61aca15a3354bd93c2374bbc85209767d02e7682299ad835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
5bb35b5176fc45fb0d956d15de7fdb20

SHA1
932e153e07b311a514fe80b87e7049d9f665b78f

SHA256
8d75dc5308c6235b37852bb35a3a1e86c448b5e2247cacb7de56a48e0649868d

SHA512
a42a9696d8dc5e9e28dac88ece4e7c6dfdd46c7f245c07786f831ecc8ee989dd5e1c08a47c7cf7fd320161fe1f5776871c005744a48d57fd0fdea803af4ca3ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
e78e15de2eed451df00719d01b141a12

SHA1
5e96ba3dd4e541aedbedd4f740a5f15d4921cc47

SHA256
27deb4d23c29f6e9dee5fe4507e7d88e6e0b0cc47edacb28b95928ab30ef8af7

SHA512
15ef1679bca45a90353b8fbf19f1522c1cb9a2132dbd8a27dda04c64e34c4b14a815b66000ba7b6bbb10bc6139f0dee6e0dc61112f636ee17b2765142fe2efc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bba9ad7a8a68791d012b6be7fe16a7a1

SHA1
8317109da292512a3ecad11c4dbe21fe4df6c1d9

SHA256
735460b6500f052c20554eb7649b2088c2127becb6dac664d8bd4d36b9377a2d

SHA512
f4f5c8a7edbc46e631e9cf11d079cc4105c3c5b9f540be580b424d1ae7cec83986ef04f70295e30886a1e18fb87fae65973e5fc66762f353f673ead5ce7f9906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
98cbfa95c052502dbef8b4ae3b31a8a1

SHA1
1f9d5fbed439c9f57558ab3e4cec72f83ae1ade8

SHA256
7cb5aa11ad785116156df6297e01c4e5f7a4c823bd7f56d3cf1fd7b369998def

SHA512
9280f4fe9ee2058164dc2838cc854e3787d0a124384d60af13f3944c82d3dd8454a563bfd8f1ec8a2c5875181d51019b9265a2565a8e9fe3aac997c88c023ac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
074fb1dcd669122a582068951ab43dcd

SHA1
07fbb5a36d078383bbf798ca9e3aa789b12bad0a

SHA256
eee63e1268ceb0d2b2a38f2b3a54eb877b4a29d2caa7eeafcfe6a2cacfe552bb

SHA512
a5897ebbc19559c2d5531c7ac784ccdfe9796a632bcb697bcc759968945717fc54cbce261b763ef5c2560f351a3e3fe0880924ecb876eda19281af21136b5cb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
173701934bc54d3816a5604e34e935ca

SHA1
76368cef664c56be70d1a27229ed25c9eb33bc0a

SHA256
0d7c3f7792a52c29e2af8b98a7ed9f05d53d7591fe4bec923b7a09b64be307fb

SHA512
232f09f0c1f11ff7571b5afb1fdb428a934754bbfb5add758837963e8b6dd4518a8f53c6c79a34156ff49dcf1e4eb2b17927f600112abcba3569e21c8a3877af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
0c89793f085d6252425ccd20a4bf22ad

SHA1
2677920f267337eb9a36fbb7ec760f0b0fcbeaa7

SHA256
960508b178d3b2534f5286e4d73b0a008f5f77227190d55bd92c42166ce331f1

SHA512
50c3db9fbc2997959b6928639ce7a310b193da6a28aaaf2a1e4dcd2b6346de6f04cecebd9f9a359ee72011bfa6411b44685bd671e822663e738314fa599179d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13364437122566700

Filesize
1KB

MD5
a3b89f4d18e2ea0aafde12ed3e2f2e74

SHA1
25218a6fb200fbd16072e038a19cc17ccf3ccb54

SHA256
35f41bfd9bbd7effdbafc874b8ed2f575170622427c02ce2c6dfaa099f989cbd

SHA512
d671f8ff4db7e376a298ffca9493dc51b11a65e147e91f8903558936af45d918ec2ec6fdf896bb9ae6eefc2f0877560af398495d5b1946cff08c1a5f50cab0b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
a87cfde7c84198a8951daa9cd14d10bc

SHA1
02b3cdd2dd69f31fb8cc09693911bb4b7186ba66

SHA256
6536f33409d88583026893aa272784ce3245becb7a448a2ce3760f3a6ed352d6

SHA512
b501e309d002f464a17782d489078f099b4bf7ddc232fc003907c9b8724cdb5e0749aa70d059fc00542b56f0bf8a7e76abe3f12e63dcd6ef4823d75991feeb79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
1e99a647abd001fdd90127e9b1e42329

SHA1
f9be347a7b3fc249c65aa2bb8da30378171b8a38

SHA256
ca70de5d63a169cd5efd50185b3da41fbe6925c6c00010d2ebb38901abb67eb7

SHA512
b7497e4c0ee04f476a4d91f187881fe7807af009daae27b1f2abc409c94a7df067f8b72ac85353d41b4fc6e9c285f1ee4e2fa87257dcb0fac9f6d42c82134f3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d3c5c2d1-bc65-4a56-8456-c24c3f9720fb.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
424b1dfa61ca9a194e2455308d9e5d7a

SHA1
c2504e13b21cafb21e8ab889c12ad6a13377f6ff

SHA256
b481c0523158559eb01d7abf04d7c84fca43adc0b8b1024c35c2e35942a6b919

SHA512
b31fc601b02ae2db332873b7a5cbf0d1b39ac6d1617129912a2b1062a7c679db7054d7ecc397e9d60305f72ba7c07ed84aac807e9007f3b0d7857b91830a3628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
b4b5b42f50925cba095141c625a36cb2

SHA1
5b3ccb867eaca6e8f75c08d375672e24569c52e0

SHA256
756c83c2ec390a1e99dd76093cbbe1349975196216a30b97e37acf6383f5b9cc

SHA512
68080a044c2ee95385cd898d7861f248023b2d463d81b3793d66a43fa2f147bf8bcf104b61f8898db899dd1e3d040419bdcb0fb95f3631807f98119aad4a35e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
89684f6be312727dcb2a3a94e93eae99

SHA1
c8bd9b62aeb9e3ab4fd4a871861a4412f77bf37b

SHA256
d0f34839d1ce960183225e44efe4fd266b2d9b3e97fcb3a1f77253e05b281fed

SHA512
83f449762c7b7dc689c786fbe9a82bef9264db90a708a36f06789c07ea217b9ae1660cabfa7296bc5e12f5a3913b87e4a8c3f085091005d857c86ba356c578dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
58e4136e3ea9743522ad1f3c9f0354db

SHA1
288c2edd563bfa9adca998177c22b6c4abd0a06f

SHA256
7880830959354929d170c8ef302f3e71e9b2145af8872f4f44e966d8d1d27b4f

SHA512
2e5d0bbd4b6734e6e72016ee7972bc5356b86a40e6981c07175006e9855e0d1a247984b89cd3402be93b283656f9954ef48b8e4b64bc46cb93104353aa75391a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
2e36208a235ff6ba36664592ad676e8f

SHA1
a196de2b3c98fca5e264e9a090b6623645ebc0e7

SHA256
f1e8fbacf66be3065625c66212e33bd3937a6d99417a381c3c67b7c2f96cac1f

SHA512
e6721e9837dc818dcbaf8d5f0c64dc8f68039e2453999eb16f339bcf47690f55c45f29e20f06e665c24e23562772ead16e4e25f211c72fffe6ee6464fe25d9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
5ab70a89d234841af8c2c4512622eaea

SHA1
06043191c63fa211589e36f69612ee8c1da474a6

SHA256
dc9ea1f50f45c42f525714c2453f0900e02d8f04dc9af92177c3c07b2367f42c

SHA512
66dc1e6df948c8aa6d22775a47255bf372f6828a23def0e2397e6d27eb4bc5f5c287d1e2cce10a0c7d0a3755dbe10b6fd28c460332c2e1c43950a0ed934ba712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2dd5cd8cb7bc14774100340984e56549

SHA1
bb8fa50af9941de70cb0b77d40eb3e9a8eb3fe25

SHA256
32321d134a1907d65b824cd18d8ed1f35b707750b71689c04f19388c5b5a9784

SHA512
dd0d694727bb3019bc6d60fdc53ac3478dcc19676c7095eb294b335b8d9e91d331ae8717bed6ae28356056bf920776f899df1269c2a41dcea697422d446a4ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
838c4111efb2a02ee12678bf986d181c

SHA1
9556669ed8748b867f13097f58e157be5196fe3b

SHA256
06929637bedf98f3a5d89ad92086889c833a954d8a95581f7c71fa5782dbbdd4

SHA512
97bd921afe2e561f4bd9f0b1e3291854819d68fedbcab3f653c05c9dbfa418d83cafbd74823dc73cac282ea9e084a679257f2dea62da4a41979716c4276bb626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
d53c3260ae18782d940013ad5ef0d9c8

SHA1
2923b4178537ceef97e8c3643718e30d256e83d1

SHA256
86548e30aa79662f6e28b2f23769cbb74a3fa6c18b8f62b5a216ae5c6b29e53e

SHA512
a2ecd3a6edcc813691da09ea1a6855449b0e4ee4ce0deb6316764c063f3944dc65d1a91901e4468367efe36e9561a53c83bb27385fd8746197a21b820b579917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
fc01bdaded25b6a382ef1bb7df29dd14

SHA1
6e205a0133c881fd4d50c21369f44b4d214ff97e

SHA256
99f8afc5a2334f85d21c26df2169c772c2e16eaab8e9706529b0a7dc55c98e26

SHA512
d5bba3f2a76d8fdabfd7c3e3c4b2b106af6d7d2515f74bd21da9cd94cc9172fb92428ed0fd68c9f1e37f2cb6da00d4650268dfe3ab7874c4099b11218a6bfd56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591c68.TMP

Filesize
88KB

MD5
6b7056a400461b8ed437b7d903259bec

SHA1
4669665c2eb1e162d99b42724abe05f64203010d

SHA256
33803acdc2360d4332ab845fd691cc45bbc249f9f50b14ba1aa0a5ae097dad80

SHA512
7f4f1b5de983c0d85d1ee796abf611469aac8673acd3053def083cfa010a004a6111fc186f540c17242fdd9453871642948a62717ea43befc0ea01d9489c9748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
49e590cce51514b4ac36f0457dff073f

SHA1
30b259df16cf8b9822142a9b45eacb030b5baead

SHA256
c4e818aee6fe53ef3743a392933d4d50e542f1855df5439d12135fab4776a76c

SHA512
c5571ed3aca82bdb8cf6626883809bbfd9043d762835c99f051498dc4655cbf1f1b41050459ad230f68cf473c9e2b96b80affffcca0d5470dc49dd3101ca24c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c31c6feaf9976052ae48f60165d53970

SHA1
780de4201f53171ca5df5f7cd791ddcff429fe96

SHA256
89397e486d5d26ca1a32fe2ef459335ce9f4de7b3f1d9016b4a70649b6d0e686

SHA512
4e61b887fe21decb1135bb56df2205bdb9d2a6485c42bd7ca25957d4d4af3dffa98dc7df4bc55ad4b42869c61d5b7403084e1667b0f756ec0c365e2fdb96cff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
950b1b463329a8068951ee905c5b6978

SHA1
02a02d8975ff602f9e8a01c44f907fc85397e93c

SHA256
801ead56277bdc4fee793ed82aabfe7403ed0d20a0ddc78baade7169188a511e

SHA512
a36b8dd2f17a78690f2de2e856806d76a160977aad1f075eee2e3abc50f0809d41035c51153d26d751ad939635f1209364bbe81b241386bee0f6aa962eeae23b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e71820580d8a346c09ebfd41b9e26529

SHA1
d73238fe0091833215ea3ac92f9666d4cba0ce49

SHA256
c47a5226cfbe450e85c8b58b6c2ed44730059c96687adbc3898251d32d9ec996

SHA512
939aea785d0dfb33ee7eed38ca03254042ab317b57dfd3bf3471b7e755c50ed4bea9a6e8ba11744ce241227910b247adc6292e5b0a2807df5a24dfa9121cb010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02092b558c96893878b4b8da51127454

SHA1
9fab8bb255821c58a07d7e40df0cec0edc5e7af6

SHA256
a0e677671fe6cb3e096ceff56536d7b87ad4aae97507efb5eef4ba15b41a8cb1

SHA512
fb57ad88689ee29f3202a73da9e1b41c4c023e4effbed953edd9c14578431f3b3bf4cc4efc4529e6138e61b9a11cadde88facf21c6f9a37d11c16f32cff6ab40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
923c11f5f9311dde7525cd314ca9529f

SHA1
b1dc8b8b87efe0ab6b68a6153c18c82e72a46aea

SHA256
07cf5faaea62f11ed7844a9f99d91d6c784027d4bd32633288217173bd1a100c

SHA512
d47228859657540a85b5329f79e6fe8ead6957ef7c539bcc1e00d00f43f6e6b027bee49617b9db9a06515fbd17229d97a9a545fb83a06806c24fd405dbd18f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
8f8c5452ab137c525f2681a05d29d7b0

SHA1
71440bed7d2c927945dd226c95a2e274e359a76e

SHA256
766ee90df51f7bea76c24c559402362bfc7338fea0e3e020431b9c6a3479d0d8

SHA512
c864b6b0c3c704fa28a2005e739dfdd67a7870045407f2973097951a5f144c804c34f10b461af5c4c9202687d9be0970a6da83b513e87111f1ce0d013637a9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
384KB

MD5
4fc3d5fdacbe82ad336d10403e6e210d

SHA1
efef6929d340355b87a24fea3d4426ada900e5c7

SHA256
9088511c2658856feae585dac2044aa0030e4a813f3b553e59e5b7cb9402e7ac

SHA512
38ac6fb5560ef4f2681879643c89283d9b72f42a3c4804bebd979ff7ff5f3b628b57ca38a2106b361450ed91125c50fafb7d4c1a905dc469d6aa645cd9e914fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
\??\pipe\LOCAL\crashpad_2948_ZRLLHVGZDXUJSDRK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit