a90ba5a56422c0d2a41f28da056affd69cc8929e14dcdab1583ec96b50b8e28d

Analysis

max time kernel
369s
max time network
389s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UnamBinder.exe
Size

9.4MB
MD5

70565dbd654937df2eaefc7c79941169
SHA1

5cb8daf1185704a9772f07dcec2e499149517715
SHA256

a90ba5a56422c0d2a41f28da056affd69cc8929e14dcdab1583ec96b50b8e28d
SHA512

64b89f77d6528c838c0288c59203455ea3318028816d4426f818c6b8c3258d8e5e13242b175d7b3402547cfd5a0acddb212b9f9b5bbf5d259cd4befc2d078a4c
SSDEEP

196608:g81oBGyk1BK5Gf01Up2GRlRaNqg4eS+wDjxx1ohqsIOGvuQdaQ:g46GykqGf5sGRT2qFP+GDAqkG2i

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1144	windres.exe
4932	gcc.exe
2016	cc1.exe
6188	tcc.exe

Loads dropped DLL 10 IoCs

pid	Process
4932	gcc.exe
2016	cc1.exe
2016	cc1.exe
2016	cc1.exe
2016	cc1.exe
2016	cc1.exe
2016	cc1.exe
2016	cc1.exe
2016	cc1.exe
6188	tcc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133647750146986581"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = 00000000ffffffff	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0	UnamBinder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "5"	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	UnamBinder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	UnamBinder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000000000002000000ffffffff	UnamBinder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 5000310000000000e4587890100041646d696e003c0009000400efbee458d283e658c0ab2e000000dce10100000001000000000000000000000000000000835e4a00410064006d0069006e00000014000000	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\MRUListEx = ffffffff	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 = 4a00310000000000e6582bac100061736400380009000400efbee65828ace6582bac2e000000b733020000001000000000000000000000000000000075502a01610073006400000012000000	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "3"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	UnamBinder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\MRUListEx = ffffffff	UnamBinder.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3288	chrome.exe
3288	chrome.exe
6976	chrome.exe
6976	chrome.exe
5472	msedge.exe
5472	msedge.exe
6396	msedge.exe
6396	msedge.exe
1568	identity_helper.exe
1568	identity_helper.exe
5716	msedge.exe
5716	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2892	UnamBinder.exe
5716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe
6396	msedge.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
2892	UnamBinder.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3288 wrote to memory of 1116	3288	chrome.exe	88
PID 3288 wrote to memory of 1116	3288	chrome.exe	88
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 3608	3288	chrome.exe	89
PID 3288 wrote to memory of 2436	3288	chrome.exe	90
PID 3288 wrote to memory of 2436	3288	chrome.exe	90
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91
PID 3288 wrote to memory of 4464	3288	chrome.exe	91

C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe
"C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2892
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" cmd /c "C:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -F pe-i386
  2⤵
  PID:1844
- - C:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exe
    C:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -F pe-i386
    3⤵
    - Executes dropped EXE
    PID:1144
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED resource.rc
      4⤵
      PID:380
    - - C:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc.exe
        
        C:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED resource.rc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4932
      - C:\Users\Admin\Desktop\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe
        
        "C:/Users/Admin/Desktop/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/Desktop/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "resource.rc" "-mtune=generic" "-march=x86-64"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2016
- C:\Users\Admin\Desktop\Compilers\tinycc\tcc.exe
  "C:\Users\Admin\Desktop\Compilers\tinycc\tcc.exe" -Wall -Wl,-subsystem=windows "C:\Users\Admin\Desktop\vaporexecutor.c" resource.o -luser32 -lshell32 -m32
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcfb3fab58,0x7ffcfb3fab68,0x7ffcfb3fab78
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:2
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4168 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:8
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4488 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4780 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4560 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5092 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2196 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3276 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3308 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4432 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5248 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5368 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5516 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5680 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5720 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5840 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6344 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6392 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6464 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4528 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6772 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6972 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4340 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7288 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7500 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5252 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6316 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7720 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7984 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8040 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5324 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8268 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7004 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7036 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8024 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4628 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5320 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7516 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7844 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5288 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8184 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8144 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8580 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8540 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7516 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7504 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8628 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8624 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7532 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6320 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:8
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7768 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8988 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:8
  2⤵
  PID:6632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5316 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7784 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:8
  2⤵
  PID:6276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=6524 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9124 --field-trial-handle=1988,i,364864302911849896,4498173372086957136,131072 /prefetch:8
  2⤵
  PID:7140

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd0c9b46f8,0x7ffd0c9b4708,0x7ffd0c9b4718
  2⤵
  PID:6412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:6360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:6476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8372 /prefetch:1
  2⤵
  PID:6936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8656 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:7140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:1
  2⤵
  PID:6968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13021288272022049130,3438312975740442357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
  2⤵
  PID:5608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
68fc696ef8512e5cc8a4f16a81132277

SHA1
81f5e84ae2dde76e4ad8e0b8b299c31619cbd6d2

SHA256
aef194aacc5785458f0610f7a37bd813bdcc70a95d12031c9c9bc7daa1bd21e1

SHA512
dfbd82612149e08047c6f883836d6310cadb32e77a6e6e930683fff29b0f14386182d3ed5e0c44413a7239e4ad5aa1bb7b7afacb623120b656d553fe24982f94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e9ea629600957adcb2de79464f2a7ced

SHA1
8274626040c9b49fc01e39e32265daca292f36d4

SHA256
5878a2fc679d9db22dfde56e16de9c24699f632eb33b370a79d5a9c662929cde

SHA512
e898a863e2f3172007dd4d1b572595d7cc8fe1a65c98397941f61391eb5025534b5aaf61f172aa808d58c7e6669a9ba73cd132ce6e07bc79a1d7890b63699427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
6c2007586f643db223a4b30f7b66d725

SHA1
c17b36a743802180b0943f141ecd72de807c2f70

SHA256
b571976bd15dcdd01148877bdd47495429f0eecfa27ed94ddf2649a80f562092

SHA512
12a956bacf62cba69e6ac023daee9244985d21aa18b363f4af0c15897076ef44cc999ad0e301fa6170abd69db97215c31ed602659fd6f2eae784fb7b79786e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
5603845054fed057992bc06c73c9d702

SHA1
efe5c69b58b53f3ec703564192083945d41384d7

SHA256
bd42782c2a2a1df07c60599ed00064b7742e491f5bde8875639541e52f6441dc

SHA512
2f40e8e59f15bf42ea782e2bf0fd755d90a8378b4f8f8a551cbd29efdf9f3826e46c9d6aa30822a8dfca9c9411827d9bc4a04b9ab4181abd44ffc7a9ad2514e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
6ab956f2238da02432f2c5d6e9e36e55

SHA1
f2f35b03d2d74e808aa8d7dc8aee4397690e1706

SHA256
12a70c0cfd8f620b7eb89964aa9cc8b96c43153605e3ec5956022e196da4ed4f

SHA512
e10d4b17cc8a9d93692929b6cd93b835b6b0608c88d042e3dadcccac680ef01209d6cf7d42ec18f3ce00d1015e41fac628a5f40e23153188852095ab76669edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7f066240d6dadb9e62252223e60742ae

SHA1
b9acb9cbd1449d93bd3dd471e5a796decb655cd3

SHA256
50f5c944b3b4762e6639818c2684a2e18dc37e4b8609c5d581e88d707c1e689a

SHA512
30a903ffcd648d86d90b52bb3332fe1f8af42eb6b3d0d9c331bf7e976dd33cbbfb298937ba5603ea39e85352fee2b51c1963bc19d3d4e07e51cf7581ba72edf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f46f480999923064708e61836ca3aab9

SHA1
a79224a19bb0c9920104b291a366fbe71598e23e

SHA256
bbaef069db05a422e539302e91a54d8aca2d8d7a7bf0087ef21bf003b1ccb58c

SHA512
52bf3545363f7a2328d00b0e2fd78ef5c9a4425fdf0e0be7203422de6a47e36fab020db994b1e15dabf518d9d5500367e41f6bac9d7e5f021d30087011f1eab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ef23985df2170213ed0beb576e6482cb

SHA1
67c6130a156ce196e258c551342bd8ff68d372d1

SHA256
1648d09fb3f2fb929cc51fe16c5c9749a570f6edb8bdfbe31216738ae3049e9c

SHA512
88dfb7575f90a6ada3d857134b729803719c6437469d339ea721be835a6321d15e0f233494b016806dde4dd01b4ded6d6922296229ab1d827d3dd00285e82e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4425129b4356ca34c7fb04dce9f15dce

SHA1
9ad1412f29275e0ce3996747b8de2c907105da9e

SHA256
56ebe1250f7e9c0f18c2665add4d337e96ed2cdf19ad180bc4949603dc610478

SHA512
fb3da91b65d93291877bca507693a2785db1f6a93685f59209011e706a37c78b4e0f8903050c6029a4e430409fcf6cfb52f33d07fa254b1026b39190d823ec19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b93a22805a12162711d846c0352fcf0b

SHA1
4d24276ff97346029f60aa4f5ce25815d9a69d3d

SHA256
fe789b320fb95362340706da03b5974b5b20b9b5d04d2c5a4baa8b02ae1646c1

SHA512
ac28c70034c31bfbc6972cf440a4ba643acc21ea64cb1a6ab08e62cccb82165570b6c1b61f775ead0ef6fb767b762cf6c367e84e764f7a38d966a14b34da5bb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
3f5c368c3bcd0d2dd54149ac72b748f1

SHA1
abe7a6adcb5563eed68153d387dc8e0539490188

SHA256
c1ade637b63049854114440cb7d8b626b0db5b3098db4ac7823583b089f5244b

SHA512
36a4bedbd4637f9a95538f2064446efbe70ad84c990d23a21d576b3619a5d51b6d19d45330bb52bb93a965dae0083b9642fcaeb65248b1dcd87f712725c5cd7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
4155600d9324a74403df3131cef534ab

SHA1
e0bb31dec5f71417edc480dc70512be2aae70bd5

SHA256
cb775804928a5311423b5738303877680712053f9ae295215ba254ab71e01990

SHA512
76a1634d41962c5dc601c14396d9c7727f93cba983b7dabe2c5feb02b9c88cfbea4407be2991107f72988679fd0fb1419d74ebac152019683d4a49f5b954ad6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
7a53cb3c13fd37a9caf0b09c437a7697

SHA1
2eef1f56c17b0c208963fcf89d9f8d569524e786

SHA256
176de79887e15bdaef43baee18b3e5312236d51443f9f23f7bb3a049303182bf

SHA512
a591ec95491542228b0888f63fa74ac78dad14b73eec7a0fa0f501e093a35fdbf84a4b07682e217fe7ff6f416a4a47e81790a3e6eb59b10d6aef4d1e1ce72366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
d15fcf327b60f0468b7c8ea780856fa4

SHA1
e10226c41c4e6eb252525740df3f3a6642624127

SHA256
e2bd741834173230f165b8c4ef5270f1d2a83a3f6bca07eca9cda980ba01f1ac

SHA512
1fa2bc1603cfe0504ad110cb26dcd2043f5c97d544c9e90cfbe426025bd05e3ae232a17cde1f7d89ac0d67dd4bd092fb8c456f712d426b8813ae1947b0ce3c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
2ffd3c0fdb9ca002af331e901bdedf72

SHA1
217dd78911eeaba94c0011d2aae6e198c34bef2d

SHA256
2abb9e45d33233a74b3e13fac8347321485c0849c7ccbc9ad7279b576de48f2e

SHA512
c8f2a374dea0957a8b690860847e8023c9d488e17fdc36b8d15e1824dea4936de3db38aad7e20647bfa5b9d5cdd4ab6ad113e32446880926397654c3e1016d4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b5bdba5bf6cc2313932961106d1495ad

SHA1
a2c8aa905c050f774a099b7bebe3f615a0bf28c0

SHA256
6245a65f810c4fb8c4a33253bb9db67d30e7c604d71203ce22ac1d343ee72408

SHA512
033b7aed8aebe8da422676d5d7a5f0162bd03c4e7f58ca6d6f93deb3a9f0f83a1c2172e43f2073cfa3d304fb2437bd33e849cb3392e2c7b8943edcebf627591e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
a4837acbe99bb11d8d07aeffebe70108

SHA1
fc50b642947670851de5b5898602b34b0dbce02e

SHA256
42438032528ad6d66ee03a9795c381c9fa1422824af93923ca0c7df1c664923e

SHA512
81c1c112268955dd91fbf8aa43d1b6c0d539b30ed15d24dd6f1707dc1c4a612d5f4079dbcaa3330e5b11d0068151e6f24c13e17bda80a58601768c03c3cf69a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
61bee39f594ac5f75ef440ce25449825

SHA1
f43265c1eea28aa027ce4c2d0a099c8afeb8df0f

SHA256
43459477afe555727393780d2d55ccf72c2924bac35416f234b66b0e0b29c483

SHA512
c21eb3e019d910a5cf05fa3f4a30d62e7b408896ca98c3ee9d0aa46d9229555f87d5fe08a34e9aed1cf71851d46e96d3b773faf9a86a7491690e4384679367ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4da1461bde759948aafcd9b28dd004c2

SHA1
d2db8634df919d9b1e8cb03517b45742f66d9f97

SHA256
b34b8faa2094580db5a317fec54fb56f748f83502b5f96e501874bb6cc0391e6

SHA512
71eb2dd577a7221059e01aa9ec3dac78de5b53bc47a584a35d135622ba703c27e521ebc4be52992ea52e2e9d9e018ce2651b5b23ac00f279487aa889e3d874f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
89b59c2da577e13ceb198afb78e6f36d

SHA1
c516e1132c3d24a5881e9c54a93a597f3018ef93

SHA256
21253e0fd2651510a801a16df6181b68a725ed21227cab4e57086a62511f1bc3

SHA512
1ea37ea2015c43e10633469b50db7f906db5e7ca0913fa4e34aadc98c864b6c9b345cc1586c59fe9a42cf4ae9c5ade417fd041a190a05b5fa0de99b878f311d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b0579735af4f6b83938add16eb72ab9a

SHA1
7804f82a5b84fe60855cf3cf697f4cdab77930aa

SHA256
437924290cf5752d355c49762db2656a1d3173ad3af78b85ee603569d82bc6d2

SHA512
eb204533745ab9b54279b078ce1b0a8baa7a79886d82d17f88542688b6ccc34b34b229adf4d0402e640d59ba190efca340be0284ed39888ec4de3f99562360b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
989f012bd98555fd0517fd4f742e636e

SHA1
0040e84e34e763b1a64286fbdf110b18165066b8

SHA256
47946fb5ea9f9ca1cc832183e2078803ae39ba78e15127d7d56dcb93dc71ec4a

SHA512
3163f5c7ec950a96ec797ace4ed176c02be4c304b5325803c782ad04634a4f24d028fa21c9e8c608132dcd0797e4682ba01b0dab60e5ecfb0400a935aeaed99d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e40ecbc34389abd4b0afc62b9dd113b9

SHA1
73bcdcec7bbe3d029f7098cea86658838ae97fa9

SHA256
4e0e0cafd5f0ac16bad68edde3bc46ae9319c2818cc2894cb5f5c83098dafda3

SHA512
33df1ecb28d2fc9638d21ec0a0ebdd93f6ee50c2c26dd69983a0b7824d825f194806fe2751cd36e8a37753822a2caacfea777a76a96fa8dfffbe80818cdb87d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
c9853e3a48441cda12b546a98af922af

SHA1
afad05b0ea62e7b8bd631af36a92ae4395a53c44

SHA256
1a6f6bbfadfc2b6fd5a90919c89d1756856f132166dfe874357a846173501ee2

SHA512
55ebf65a78c4a963b560e3680a97dc2d8e676d31bf10e328cfbadb7e3d52119c4129953edaafb8afc131dc8b340a9d4d6920a1a4857886aad747ae8092caf18c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
22ce6596921407c45555a52afe2dc74a

SHA1
928ab5f436e713974317f4051b619c184d9d3d8b

SHA256
709f434dc5f03142a7fa07408a49eaef985a324b54c65416b9f8e34b46ba543d

SHA512
bf1f2caa65685b241e1c6c878dc042cd6c9583d0704505e2175c1efa27e973e1c93ec1a1a5feaff4991ca16a67419df13f033bd42a6bc9ccaa807134792b8141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
ac117ee4c1c4f9a0b9d7557d7789a7b0

SHA1
99c4ab8a1fca9bd31b1c69d27404ecf1cff6dd0c

SHA256
536373942e88dc2ef1204f4d34dd429a9438e7acf697fd06e408999c15403c78

SHA512
8562e6f4fed67b3774d369e899f9279d69b73a99ba25ed79cf80185b6d30efd78401d72933d318d2d32821523b5189a9f74d7fb77bce6ca51cf9d1c917e0910c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
88fbde392b66beebfe1a498cedf648c6

SHA1
e5c5a0cb9a9574c9795b903b7a3031a4a7d13af9

SHA256
82b47ea7c8e6c97bbfe4428c049e224853a2423eb8067683ad856aff03c2951e

SHA512
f8cc0cf318e83fba02e191ae44ea71ae977c9bd67c5d0c1a19fce283cc793f94bec553e898458bf948d00bf63a32e5df3275023f45d049180ee1514bab2eb172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
0875055e3a028fd04c44122822d63fb5

SHA1
7d088fed1784f43747ad91846392886ef951aefe

SHA256
bbf6cf33cbd871608c8c90f3a8f1c176302b2f880b27a6ae6f2b73ec0519a36b

SHA512
5e6d684d89d419435ef13cc448b05e56cbd26c6bbe5979596d8172f700002c72668e8b5bc386abe6da3a4c6b056a3b4130ccf6cadcc6c0ecb72a89b1ecce8df3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
df020c03e60bea6b4a94aa5e786044b8

SHA1
7ae76a94c9316030f5f2ab678d7806820349688e

SHA256
d007baac997ecdb3e56789c377f31ec61e5b41d7ced84259127338e9d6fbc422

SHA512
df3a5b749d94de6a75d3b5793a796ea49b54c02b075a78c305b3d9cabe6ffc0ad300964c18b8a2178d643d1ef695bb8c30b9ba5aa28590dfa315ff68b48d2dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe595971.TMP

Filesize
88KB

MD5
92e8a9d255ce68e655ef3b0b49d7636d

SHA1
9212311b6b12aa9c2649cc74102763d38d7158b4

SHA256
f4b90a82c106cc8568fd1d20fcd4e30648e826c530c501badc94af14632b28fd

SHA512
b72aa1fc39e0d85208ff66a388a855ef983e1e7c2574b39805f2e42139d2611144d3044cfba8998a5004b8109bf858178626f817b216a55b7a330efbb0229cb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
3981ebd4e8f3a8000c2c22285a65abff

SHA1
50b2f9d35783b914075dc846c154b6d8a4515d84

SHA256
6c8313ab0125a46fed477597b91b7c723aa41cf9501a8c995622d5d3bf6f9cb0

SHA512
431ca297d9f8e43ed358c94524f83ee4e6c417a7e4db261e092262c64ff06ebd7355dee01415b770918859fd2c81d0849c503df3099824147358d3699e8d1812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2915233ace3b11bc8898c958f245aa9a

SHA1
68c6aa983da303b825d656ac3284081db682f702

SHA256
b2cb442f2ca27619c8df087f56fcbbb53186c53f8fd131af886ee3712220477e

SHA512
e3f1b70d39b615e212f84d587ee816598236ee6ce144d919593894fcce4a0900343a9e8b837a0d1bd10921fff1c976c84c4a570eda776fe84d374a69e7a54890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1fe3a26bd35b84102bb4203f31e74c7

SHA1
45fdfa8433789b575eb64e116718e62e0e0cf4a0

SHA256
26e0d51529de906dd285ba48288e25eaf5213c0f0bab9bc5f119ecbc5e1b93ee

SHA512
d528db2e9b917d4fbe24b1b5c6f4cb274f4f91c84f63e5119e041fa89ae0cd01a370e314f8b6aca9d6fa958e79feabc720f4b54b3d8aed69aab11fa84cad36bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
42KB

MD5
3f62f758be7a60ce81fd16fb20c26102

SHA1
7130763188a82267eb94ce8952c5050a2ec40c8d

SHA256
87cc4b983d6ee5ec5485b828696879de3d7cf08bda3d8331c1b297612bf18029

SHA512
afab3a1dcd9eed806b60cf0059915a1b78002a61f74368e93ab8cb31130d04ad885171dc4616f7dadf32bf49e82237375b85e8d6cafe094111ec0a47be117a02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
172KB

MD5
6d7fd6ffa190064e258738b5927b4dfb

SHA1
5a978b34df7ecf256c479cc20b263720a5c58a7a

SHA256
263f068f70a10910e2669566ae13e9a24efeee793e6f7e82b794cb637d8246da

SHA512
d00c690eadad9d4b413308787aa06ae5a6c3ac58f4663c2a343171e44ba1e484ed0dd09de32e9c28999c026a53f414c5b3c631d1465445b074c56a8a9109d074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
966c4a2dd013221555a19c9c70bd9191

SHA1
e919b2041c76a6c2b76cd38521572881795e26b3

SHA256
d46f956d30aceca19145408aa791fe0088f40cd68b8ef861c029c050afb9cdfa

SHA512
03906a7b41885f852485b4f824543aa20689dd8e23ec4266f2bd255d77c40950d7cfff07ea55437560933e30656ea1ee76a2b1da6da973316b43344a3d05cd44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
8dcc3ce492aacd49826644747af780cb

SHA1
40f38c13094da268117716ec4909a083bd63ef0f

SHA256
68466276c04241805935fa34a6988ee3b38c4624a34c945b8b64421a93de785c

SHA512
6f7aea33973950b314695923b8bab954e00af7561fadfea3221db41e675c68dd759ef15af2dbc871c3bc19e8ff8401adc536aab64bc4eea5da7283129b87ac90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
16KB

MD5
7a9e335fa2b7a681d9be22d7486df14d

SHA1
66ae23a082f9209b0d07edbdcab4720a252a4459

SHA256
4cacb56852590107bea46eae59d9eaa5d0c10bcff4d2c75ea1fd741445059d3a

SHA512
9e6ca2c451c3ca4a5a44e4cd6f434fb58b97b568dd3737258829c8df2b0ce2983f0a5b50f4b39a7e72cf3a7df66962fe13039bce756a20e1b0552c8f9d5f1187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
22KB

MD5
96534422450be12228d388fa2ba4222f

SHA1
2428ea57496dd0548351bfc43703de3c58b4dd0b

SHA256
12b3207f7b68e259c29968ffa8d7f2773c7595ff77f18ba49e81508536e5ef5a

SHA512
d06aa98330ee190e36505c0c5797c48e4a0c19c9bd078dcb5ae64c14d88471e393bf4a9f653aae2fea6bd1a15fe78495d3ba3e5cde7be54746170e321274bc19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
145KB

MD5
5af551639f7fc501b08aca2b94ac5981

SHA1
ff7ef4d9b6f21aeb45ed1f837b47359dadc3e298

SHA256
99ec71fcd27ea88a10963e2105977cfec80f08fb0d35d64e57f8b7ffca3fca94

SHA512
5d28349cd7deb814a00a9d2b8cd9eb20272ddac76b672e70b8315a6da299480a894a29de2bb4678a5e1632e2828461a528d3c285bfb5e433c8d5b34fa2b957c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
162KB

MD5
d2320f45999516d37d8a4a20439e21f7

SHA1
a96157c9d1222cb97ced1cf6425441d586d16cf4

SHA256
6ccf17947eb0db44789d338cf59cec7c6208bec7aa45957a4b358854d6785a0a

SHA512
092174c3006dab4a2390969b80901de251ff7990741a22daa5a03195552e5a416038317cb63cb690128a14ec0a07e7d48a154e9722613e3c201c41677a33a7b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
80KB

MD5
9b0ddabb0d975754439c8d3fa9e353c5

SHA1
df6841a322802399e8920c1d243be0f37e6f5532

SHA256
eccefbe05f6f03d40e9cfdf83aa2a48a7d39e06bb13963536cb8ea7f0372bca7

SHA512
fd4dc9cfeeaba870732eaf33731b44552079721816537013fe82670a8d87fbff17f7778728a7853333b5f680d46f449594bf36f0e3d6c8483c030201aa0956be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7250589e59fb04ae2e3da592ae715ad5

SHA1
1e5366cc3519221c788455ff23096b98759a2f4d

SHA256
7071b5f3da04894fdfb1ed2710ffd0a94ab42f6c52605acbe15438af411138be

SHA512
212f00704d624764a0a75e7a91f3719f36a739aab38a9ae26a3b8bbc8745c47b78bd80846cfd5e85561ba8da20da9bc30160a10ad8c96c9e713229a31e42e406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
e56d8e551312bcd17a27d0c468824976

SHA1
90bcb2359c2c5688ab556efd098b0fc4fff2ac59

SHA256
065cce77db71b16958e142f57003b4745f90203dfa5d17df1aca6834177dc015

SHA512
b997a569331809128a4a896be5c793bbf719a8cad5f7b083f79507213dd211b07e36acbfc16c4e9d77f9de422464a962726de55459b15b6550d4968c0729e791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1648e909e46fcc76fe622032ea8ef7d4

SHA1
c0bc1e88b1a093b000abcd7cd938d54a1c062d29

SHA256
e9321c0d3d71225b455c20ee360667893157cf8a8f0b0f6c73c04a7d965acb22

SHA512
a7085c838481aa095ed3b01660cecb94f5d6e8557497f524f5c9ce8386f3e67fa1029a14ec05fd259072cf2b3da616357d49796993faa82e5f10e366fa0d698c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f1d9313902f20018339b2e20ff3f536

SHA1
b1e98661ff56cf2b900924c13c446ced1efeeb3a

SHA256
3aaaf8ae36adcdd85fd84374903c3f884182ce5bf85e1279d0b72ca2002a29fc

SHA512
5438c020b903d8bbd330dd4a90d23f8675025fecb008bd211aeab070c28e55716bdf9a8d406958d7c15f5c17d7299d232848c3fd687a1adc9ac9470556aed6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b4ee0991a0c96209e215a52455239437

SHA1
80c4e812b23e725d433200db1c4abe8de271a4c0

SHA256
3d9cd8c5566c470bb334835eb30bef6d3c3e84428b920b2f11ab489e9a20bf5f

SHA512
2120a07a187c91c5bee2e708e27375e74940c296cab65ab37a9358e84ddba52834553b2821e2b6621c9c4d95cc55ad7eaf8ed0798af6b1cfc534c02c25b571de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
fdd2fdcad8dd8a63c0d724cd95320247

SHA1
8088b9d5a26fdf11031591b857cf81fe585e039c

SHA256
8127a60eace11577007e04f67884125a9a0da849f8412fcf23cdedc2b616ce53

SHA512
d1ca90c4fba0fa9648e046e4ad49554801d7af4b4058c58c72ce82bce0d28f34c00789d29fa843e9a87e1e51c12483f17818815bd03de19936dc8e145a2cabf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
7fcc1dc3f7aa1a204822e5a178927746

SHA1
6a6e092d9ed73293ad4a7b067c9558f092d4acfa

SHA256
5930f5107ab87fdae2eec33e9262498a3befcf477cc1b31d9bea3ecfc713ee07

SHA512
a5e4de21fb8fc0f94ce998d7713d37ec34ae1abb42fe9dcb546d291dfaf679b57e907f012397422bbaf6cff5c79ac258890228f74070effbdd00fb32711d4004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f0581937a6ccc932d0bc9a537472fe9c

SHA1
7dc9495e4b8d2a3b6a0ac0c064a8b4ec5c36633c

SHA256
848f3728faf8182e14191ff6924d44b7ea3ffe10e4a31cebafba52f658d03c0e

SHA512
3c21d354fb98e43abca31f9ab3d84494648e7adb0c8c9c4072199ca08a52fa3ac0e0c021ef4322ffc65204a1ed11d82d9367848207f7d49c7584a4aca18bc4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
af3429349e7bf6ff423086ce7d0aa3b9

SHA1
58288b76241e7504648ca8ebce5d136f62b0077f

SHA256
5735ec8b361d15a93e84130f799c1c2a98b7ee6e542783f29070daf1360c749f

SHA512
938ac4aaa8fcc1e70ad29f915bd471b3060b96b4e1eb60aeb76ad153c265f5c87d42dd84a47e3469ba3e81eb0f3f2496192c00c481b769525fc2d4eedecaabe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c9523.TMP

Filesize
1KB

MD5
edeeabfcb0d691d5f8b0885f897356f2

SHA1
22f393839d7e49ffb3a6908444a1418d41275b7b

SHA256
3fe8852e0f6b9f77991705cd7584347569435572220f5d25474f6ca2edd93be6

SHA512
e31ac1b2a70d238a3c55f5a9db8f2e17ddcbd68ff23a02843db577f72e7337f54e0aae5d370ec6cd58b3484ca81d70d8cfe40b90b5e0823411a05aea1b5bfefe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f8c0cb02361ba713c1fdade568bb70a

SHA1
1e6ffcd14f405ca6c921186ca87e74dae41f2ec6

SHA256
02bbba01a9c1965b687a776a006e9a2b58e68d5f5f220f7ad2af62f2793ef2e5

SHA512
f95882d94dd2ccfdc660a0ece1a51416a545f5403fe57de2f1b14fa802a7239ff9d70656d81ffd01a975f7e091f7fd8dabbb977deb1b7cd7f6098d72b360c51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
28KB

MD5
cde34ab8a861a29922d2b30211533d13

SHA1
bdbd5c595828db21332d774fce64728ac521c502

SHA256
45cdcff27bb41a932021c6c4bef194db30458825eff7c225307e899dd2a7d402

SHA512
ebdabf536f3f62e171a5765db98d8efb15212724ba8bfabf5378de85dd3d6c192c246f21c3567e7aed1fd13d5c5f53a883fcaad93ae30e95b6c753681ccb16bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\nigster.zip

Filesize
6.6MB

MD5
4c5d6c871c00e0031530a14355588c8a

SHA1
5617c8158d0eaf42de2646f8bd8e3867afceeb77

SHA256
840a8001b7c1334e20376b1f4cf3f294e336fd713a6f89a0f98c5d2326d27ddc

SHA512
948f9c755b0ad2fd221cc4e07cf0bdefa288e0312de735b010218754426f4c9a31a0bed830eac8f306cd4b0bd808d4b8a207b321f4bd6ca29e498087fbd09219

Download Submit
memory/1144-1751-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download
memory/2016-1747-0x000000006FE80000-0x000000006FED7000-memory.dmp

Filesize
348KB

Download
memory/2016-1742-0x0000000070F00000-0x0000000070F24000-memory.dmp

Filesize
144KB

Download
memory/2016-1744-0x0000000065600000-0x0000000065619000-memory.dmp

Filesize
100KB

Download
memory/2016-1745-0x0000000066200000-0x00000000662EB000-memory.dmp

Filesize
940KB

Download
memory/2016-1746-0x000000006A780000-0x000000006A86A000-memory.dmp

Filesize
936KB

Download
memory/2016-1741-0x0000000000400000-0x0000000001149000-memory.dmp

Filesize
13.3MB

Download
memory/2016-1743-0x0000000068C80000-0x0000000068CEF000-memory.dmp

Filesize
444KB

Download
memory/2892-242-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

Filesize
10.8MB

Download
memory/2892-0-0x00007FFCFCF03000-0x00007FFCFCF05000-memory.dmp

Filesize
8KB

Download
memory/2892-1753-0x00000295BA180000-0x00000295BA19E000-memory.dmp

Filesize
120KB

Download
memory/2892-823-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

Filesize
10.8MB

Download
memory/2892-1752-0x00000295BA1E0000-0x00000295BA256000-memory.dmp

Filesize
472KB

Download
memory/2892-822-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

Filesize
10.8MB

Download
memory/2892-2-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

Filesize
10.8MB

Download
memory/2892-225-0x00007FFCFCF03000-0x00007FFCFCF05000-memory.dmp

Filesize
8KB

Download
memory/2892-1-0x0000029599E20000-0x000002959A782000-memory.dmp

Filesize
9.4MB

Download
memory/2892-1760-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

Filesize
10.8MB

Download
memory/2892-5-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

Filesize
10.8MB

Download
memory/2892-828-0x00000295B8380000-0x00000295B838A000-memory.dmp

Filesize
40KB

Download
memory/2892-827-0x00000295BA0E0000-0x00000295BA0F2000-memory.dmp

Filesize
72KB

Download
memory/2892-825-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

Filesize
10.8MB

Download
memory/2892-824-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4932-1749-0x0000000066200000-0x00000000662EB000-memory.dmp

Filesize
940KB

Download
memory/4932-1748-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/6188-1757-0x00007FF7915B0000-0x00007FF7915C6000-memory.dmp

Filesize
88KB

Download
memory/6188-1758-0x00007FFD0C160000-0x00007FFD0C1C5000-memory.dmp

Filesize
404KB

Download