hxxp://youtube[.]com

Analysis

max time kernel
390s
max time network
391s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
08/07/2024, 13:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649206284453588"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3234977864-427365696-1522832567-1000\{578B20BD-5577-4301-B208-D5DD5DB8E2A4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
396	msedge.exe
396	msedge.exe
560	msedge.exe
560	msedge.exe
3824	identity_helper.exe
3824	identity_helper.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
2708	msedge.exe
2708	msedge.exe
896	chrome.exe
896	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1200	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1200	AUDIODG.EXE
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe
Token: SeShutdownPrivilege	896	chrome.exe
Token: SeCreatePagefilePrivilege	896	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe
896	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 4480	396	msedge.exe	80
PID 396 wrote to memory of 4480	396	msedge.exe	80
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 4696	396	msedge.exe	81
PID 396 wrote to memory of 884	396	msedge.exe	82
PID 396 wrote to memory of 884	396	msedge.exe	82
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83
PID 396 wrote to memory of 4064	396	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbfd603cb8,0x7ffbfd603cc8,0x7ffbfd603cd8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16916498814226851637,8736685396648913632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:1060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbe9c7ab58,0x7ffbe9c7ab68,0x7ffbe9c7ab78
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1800,i,7100610221430402497,16784175870286330382,131072 /prefetch:2
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1800,i,7100610221430402497,16784175870286330382,131072 /prefetch:8
  2⤵
  PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbe9c7ab58,0x7ffbe9c7ab68,0x7ffbe9c7ab78
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2116 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4076 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4584 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4808 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4260 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5444 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5416 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4724 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2748 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2692 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2800 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5332 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3492 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2508 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4880 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5228 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5516 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4360 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5344 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4072 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5308 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4512 --field-trial-handle=1776,i,9522253441511431761,16685120834438131232,131072 /prefetch:1
  2⤵
  PID:4992

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
0021be0f579063f07a024d93ec0aa025

SHA1
71a7f2404343b9ee079051b6a17ea1ea1a9e812c

SHA256
262e67c23408d0d88da5343a10d231ee112be5715d124ea48a4be14797486cb1

SHA512
58adc5075581029b00e6533758c064f1df1b0833fc4410675bd0e980618a7cf74592c6feabe998e737eaa1f1348728e70cf654fc6bc49184a0aec45f86cfb81d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
41KB

MD5
cfd2fdfedddc08d2932df2d665e36745

SHA1
b3ddd2ea3ff672a4f0babe49ed656b33800e79d0

SHA256
576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536

SHA512
394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
36KB

MD5
103d7813f0ccc7445b4b9a4b34fc74bf

SHA1
ed862e8ebd885acde6115c340e59e50e74e3633b

SHA256
0ccaf58bb2aa430724873fa21515e5f3fbd875390288aade3823ec16962bc27b

SHA512
0723baca97705968a068676f74ac01bd492dac94a4fba391de578b6357b79c4aca5412f564dc0ea7ae5b6145256c7f8f22e8a4823f41e2baf50d201ec073be1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d7837e99af277979a0ac875d8a147b02

SHA1
31d3de7c3d2461503ed5d895ce4e97f2d70e228e

SHA256
9bc982e63308fcb35a78cca489d68fa7519633782504bc685c44c5e987ef4e84

SHA512
ebcdb41a299f6931bc0335a83bd2e93bbdedd7f6f4c0d854b1c00b28ae62bbb68e85c041e82b98a567bf81f2bbb3c89e29cfbb062c388d81bb6f2915efb05a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ad412af0bbe92a65b5958ddaa4739770

SHA1
725af9d5ef1aa3ac591ee2f2cc8b17b6969fd66c

SHA256
4073ce9a9a0d1fcc13060a2b87f635e462ce249fcb713f1674f4a5bffd738708

SHA512
0701172430eb9347eedccecfa92a75701b53348599b071760be0cbe39aec34b242e7d5a4f8209793ba058e25e15328b852d18d046a6681346aed941bebfab50e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
5a7e10e7773c8991d998298f38977922

SHA1
11fe3c017e0ed8395658228f30bbbf8379d8af2d

SHA256
7beab646a4746a4626d5adfbb7f3a46a62a4c82af0f76c192c272ad960d92e2c

SHA512
405f174028e20ea26bf1fb02d7e83374ae04fde251bccb2ecf6d7567dcd68dd0dd57c5fe9f8a6e343f8b59b5ced9f62c0af67ab814adba4ee5f97134e8e268ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5fa10cd393137701a63d68d3d2aee957

SHA1
6d69ebb4224b625e91cb9eeb86f891416f78c70e

SHA256
30c04a226b375d86b537dae30cbb2e20df2667f391a728e7ff6d125085b5e2ad

SHA512
299c43ff112a0527881dd25b18dd5a003690f13e6b35de739ae116cd673c22f5b8a0ceb27204aa406db9574e0f94ad614e04a25fd931a46a19f230f87221f496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
bf2feb6c7289f0d937a68b81cad470ca

SHA1
b542a3ca16aff3e1a0cfb9406a430425d162dfd6

SHA256
62c88eaf5b9f04e344772d76a51b07582c17b61e15631cdb77f066d7f6bc185d

SHA512
8a3ff42360aa9a679e1406efd6ffbaca7d08f34efa96742cce124b6450001b546cfd38fad96ca06156949df5eaf94df8c395ad5d111baa5d16dd72e1e8aa2481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0d7d2e9378bf297462d8db4ae8e07d24

SHA1
1fb1c94b7b9b0c88ce191274610f8411b745a7e0

SHA256
f9a939723fc6ba57c4dd4a149f5139970c405433140787df561a77ec91fc3a0e

SHA512
87a51ed7dbb2b03a4e82af3cdc4ff7200c354c9a1f4667e1a1283ba2b5c2f4691358ba0aff0d5f953dbfd64e2bca87b0874d81796fce9668cacc357e3d0bd1af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
70644cbd5ad5d823937826fe80769d6d

SHA1
3cf371428804f325a8dbd9efa58ca045bfb1959d

SHA256
c921f1a21f567de0a319fbcd4487847442279408229a257d47d867a89d5db2ac

SHA512
edc5004b50ca0b8b01d94e15cdd87ee10094443b181c9171762a18f77bc71b42b76c43c1c269f0b369a7d13d875735d9d92edb082aa0c9c811963a8d84193cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
41bc96ddfe7bb168a3c1d191ec3d7e68

SHA1
79483bb2a112bbad8a66ed8b8d97632a57fd7c9a

SHA256
71dd061daf12e351b482f5164d3485a883f32d83c64fc4fb7b6536651b6e9102

SHA512
358e3c7a3394a5e4dabafca2d32cc1d8b0f338ff8c401b262dc815a9a62b22f24a2c6d9a18c062db951493c4c697b95ef8c3e38d8e5d9739f452921cb9aea5e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
776dc9a4feaf4e319c298057950470f4

SHA1
4189fe76b36cd4f0f30eac6e58071a7f36d5822a

SHA256
4a0ed599409b1fd4c81809e394fc6003e0fc1362652553a63cb941ba5c7ea559

SHA512
bfe379bf59e424aabbc3dd8514a1775ddb38a05abaf52abcad81c78b417c428968517a3a9a13a4f0726aeaef26bc802f4e902584809180ae16d3049aeb1204e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ed81b5a9fd05fa2801b2c39336a305fd

SHA1
1466a10ccac456c3066b471d8a375c96d5354e93

SHA256
bfe4e537786a65683d504dc52cc9d8007f2353da51fe33415c6e391058e1fb33

SHA512
64aebf1a004ee5b944422ad00f5cd642172bbda6e0a49e86c04f70ffa8271fbd40ba664e2087192aa94a2696878fdb0c7ed14b7d7580d03f7f44dec12aa10f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
994e76344b2e4ae3ce563c05b66e9581

SHA1
4221ac0ce2702b8b307adb01c2c7cb6016e4bce0

SHA256
a11210d8229fa2b1ae221aa1865e838951e00262076d944a89d2c4d700db16e0

SHA512
dd11d723a6b4d0f79f57f2857dcbb34e6e459b76ebdd702175bd5bde977831f6816c1f39935e684f650772fd42822715ddc5a9fe3251740974560b546f46ed11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a2ef63cff8643d6967dee8b1bd3e0f18

SHA1
e2cedce5991afcfe47921ec36552f45c7afc1a01

SHA256
8617a370d7e337d91617d3523d7fedcfe17f64a2beb509d3e718fcd1d2fe4ada

SHA512
8e1a4694108f16b6c33ae7b7f867ea8143fba0108a09c7233c6dea931b1cbdf60e27d184f9432427241fff0467381ca3e7bc7fe3fc4f9b4884800fd695943791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e6d34730e1405538813e9ba78de0fb02

SHA1
4cf9e9ef9c77e21ce3e257a68f94a6a23bdf763e

SHA256
1766ce94223e62d7dca86fba1141ef755df80468390e2cb3e964ba40d769f0ef

SHA512
df47ee2ec8bc04bf75220c157fb40dd1c5e47393f1ca18b00e3b2564b95c62b410842a9eb45bb8f8920b92f1fe2ba4b0f8900c4dad3953c9654e99a844ebf065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a1cc3e1ec8824dfae5e4a745554653f3

SHA1
1f9cb714e58d8d877e99cff2fabcc3856edeaa77

SHA256
8827af85c6c282cc119082cdf0a1c5e3df5bda1f6a3ce262edf2ff7082c803d6

SHA512
76a640e74993250abc7e090da0c56dc4593b1daea1ef9187ec866b1686aa8531393eded3319c45183664dc01662039d62d2137d91dc526276a5a24c6971d5a0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7843bf7dc15cd7f8c74090af33e51828

SHA1
cf1f04d381edab81b83693e59d6620fbe44c0e67

SHA256
0540c99ad231d9802383430c205ec5f7231fccf44f229792d0db53cc620ec67a

SHA512
8bfb513fb4b82a08004caa07dea0b6f4b4afe336b32f40079f8dd1e86053e4c4472606f6a63f96178b48942000abc46ee5c08a913aee2cc260b7204809467a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
20e7fd6b467f27c33a9d48e7082720ae

SHA1
3996686b3bb97365578f25b62423ccf278d81cca

SHA256
2ee6704f0a9be47fe09bb4ddc73d6a421724942d5352f3cebb2111eb9d4ada1a

SHA512
06b3fe0ae8da49ace61b5d8f385651bd4f02b06c013e1ebda0174f287e52e7e5d9644982084937fc353df80f5323544c34de82d03f07fe78dbc99fbc829e145d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9c7b1ca8c305c15f7db63d45346875ab

SHA1
8ac3f589c55a38c66e299dba8893872a1060521f

SHA256
c33a8b1c526a8747936b2e8233fb6fcb7fcaef0c0ebe2ec62839757c46a23af9

SHA512
1aa56c174de7fdbc942ee5c016d9218d8503695e366f4524435df89f524364aaa5f7a35bad016b4046de92abd588623c350d6339d34f7b1adb723781512921a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7059f2a1a5a30bb065fc24adb74fd6dd

SHA1
dae1b124c997488607d147eafd97c5dad31cf563

SHA256
be9a33e1f1650b6bedbb244250e123eb5400b0fbb82c853daa0c7412b7cb6b92

SHA512
95ef82a76011b96681cf8120dacc58bacd772390812b0f161066024e2380041cfc4fec6b15615f808e730cce65a49139c6fba13c0955d5567a7e48c5d01d5c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
f951d765ea667d9b7790777406a75b89

SHA1
c72156af5a75360cf6125a4f236e9fcea62cbe57

SHA256
3946b2f925b4863de307bf55e08b7ee105e1ea424a81410407e06d480c399e0a

SHA512
4db3ff1c9fa0edb8bb440a0a08e8119cb5ba13311faa6150a747bf28e57fc2e9bc3eb95d09f2f932268e69651da96e077f66af48cec52ef78b3a480789282981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
9e78900fc9100a2b2dc917b4331eacd9

SHA1
898b43297c5cccb7481e40ca3cfe5efc8010b4db

SHA256
e6ecb07dfa867ee13300ba607933ffa04fbfbed893a1cf34cdcc11ea8392cb7b

SHA512
ea344412ec493a6f07dba024d95abe06f46d3886a3c0535c6426e00bfa8d91e77600c9c84e541d108265652ec4c88e12db5e452a5227f7839e0163de35c91450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
1cb9cc14da931bcfb0538430edfcdbfd

SHA1
13024d4437de5023698ad0a7e1c1130f2be02600

SHA256
ff654c0831d69f91e95899ab8c6b75dee5feb741e5e486fa8a0274d8bd397aff

SHA512
21d6a4649601c94f28a23997078f9c04d4135dcf13a39bc03bdfd7b6ac16bb4f62828164832ca60b8f6f2d2b9153824ca5bd8a40b27fb2a55e760b83c421318b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
f3f85c118012319b58fe93495500d06a

SHA1
1046454a680df9b756b412f7d16be99bb43eab0a

SHA256
d5f618936bfcc7b610040786aa95e8cbefb6142d9a49e5f6e6bed13d1b91e825

SHA512
c134586a4f729729153f4422264ea8d4129b3b30d6eeeccd19513a9c0a855b173fbf3c1951e73b2d8b350df1cdecf2d2d7f421d65cde9ee096928235ef92663b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
86KB

MD5
051db48dcd216b15b68dac31d569cf5a

SHA1
72a3591273361f349912806e691524be547e682e

SHA256
806a38c465bb8ecd6b7c66e6245a29bbafdf78233cbcc44d66b7f90d1efb6c1d

SHA512
298296bc51f8626e95d1bfeb7ebae4e451f2f609abd18fbd5589c95559f12dfd52a40d55e04d304f5e0e86b5a586ff8f379a99ec7a7ddb5cb1ddcd4490b44403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
3c94d1f3c1f9bc740b6650da02df0b8e

SHA1
46ad72f6162b12df4f79a0b6fb04e2632615e616

SHA256
e0975f611d83057d57979a3327fc49a87ab7421f19a9a5474d5b8d44274fa909

SHA512
09042a9926caaaa32b76a4c374b1f44cc67feec596484a52c28944f70a7d9c0fe27a5a72c274c5ad032875100ce25d406d28309189699fde9fde9e8c40b86200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a8b78.TMP

Filesize
83KB

MD5
230442c951061ad1496113cf5c5d41f7

SHA1
2674436cedb9dc389d5a013952cf10580b6d00b1

SHA256
acb5e2d4b18272fd23389ae899b081d45e5aba8a637fd12b715a4a4f88e611bf

SHA512
3a55ff9e19bd218d8ed165e1ecbb195653cf1ac05bb92ec53ac284a706760d9ce3cba18311acda184b7ff1525171ce7dab78c8a6c64db1c711a5d3d9c814ebce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b45c28d31ee31580e85d12f5ce5b6a46

SHA1
8bd9a23f3141aa877711fc7835446b8783b51974

SHA256
d944d6021a2fdf016911aa4d9e8b437431fa4f92b0229b9e3322b4354a4b19c7

SHA512
3628da551c52367a4b54ca0cb7c401f7d3a8dd37375b3b57d82adb06c96657ac55d593ffa7a9f000f74ecd7e6d35562a96013d0c70b04123f055a4d2af72aa3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
640b9bae54d22b45b4d52a96e2f81f13

SHA1
b1c7304e9abbe1759f8df7f88ca2c6354b42fdf3

SHA256
834c17e205445d197a64177b76ae0bb718bfe2eb8ffe492f008946603edf80d4

SHA512
8baaa3339cddca01a018e9a0900426a7590f7107c55372d65fe932dd570bb4289238977396037c9bf73157d6bfd7f1f5795842df39c354200c2af1a84014e6a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
49ccc9670c0a148e825d127eda985935

SHA1
5ef6b5baa17189d0f2d924d37f64436bc54eab2a

SHA256
f9b910701db46271cb05ba35777b5d2aea59cc0e6aea337fab1bc16eebb64f83

SHA512
403a3a8da0ba2dc8a7afe65354b69abfdc89ce049347a2b7f6df9c5ada1b31811ce082537acd7e56c48549c144e5c650cab97ebbb2ec5c7c3fb83b486f2cf069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
9d07eff7ce9c259e36241b03af32586c

SHA1
13478bd9ddd9e3efdbb4e51a50b6e636aecbcdf9

SHA256
dc612a2511f0bce30c0227adbcb4d1ce91ba26a0f74e51055f319eb005035dc1

SHA512
0d892d7d3cda71de663f94fff736cb81094ca7de03fa23ddafe4bb5fd5736a718c172af71bca1d60615212c4c8e44df10516189ed508ae1d120001165996aa76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9bc9df19f22d4b99bdf36302c01e4342

SHA1
de7c6c76b30067fbe78adc1ba288bc0d39351004

SHA256
c6e079e1171318af0e397f37d06ab9d674cdbf85bc3b03390572a071c6a77b77

SHA512
a22f053d2466b3c0df171e5977a930a4610ece7b3209858dc7ff18394b9561c2a28045d66ffbc7c29736cae89e9077df67cb4a0be012f71bb3ba3882d794573d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e38b39973693a61863e690903563ea8c

SHA1
9504c0e480bfe8f8f7d6c6d17109f0bc9171198f

SHA256
cfe654eac6bf3a23243374d0766ca13af7502e35b138b551e918a7fc00c208cf

SHA512
98aff59c4286c26c068990d922162e54138a34eddf11087bcef83f13cac0ff2f43b09394577740ac5b3f3a89102f0883ce25ab7559c7aa08ab82e85354330c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
61499fc46f88225c2661e7c1fa567edb

SHA1
bcf31df29ffb27c82864800af9e28719cde3c25b

SHA256
30da00344476cdf1591764ac02858b5664a210290265243afffd02ef2b3dc625

SHA512
78302ae9f06f748deff094bf45671840ca5f0a468edb3e5e0c1cc06755b916eaf1148535ed06a46dd16e194dd3a7cb25b8e339e75284f3097d1066b7a03624e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
560c90989f1573be9413e88c55f02678

SHA1
f032b96ab134284bf92e76cc4f1f43ddfb698ba7

SHA256
8a46421be232a6373af6faa50eeb7c47dea45c50802ce6d4fdc7b06a1b2bb07a

SHA512
2aee32611f88a2f993a4d993e8e14d71b95d9d3ed38dd734501aef8fe16e624cbe2cba3e926092f87e0d0aa71604732ba7d5568a5bfd1ac450fa29b593b232ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d202e3caa41e35e30e2f42090b77f532

SHA1
54ae3930547421174f8b13a675720d8db8cf8b48

SHA256
e7b6a869223b97e54d547ecaa1bf8a0ef60605ccf2df0c61584525911c1a9216

SHA512
7b162479268cb4d4d1d7f1d643acb49ea119bea642e385a2a1847f2062a30ced672ced9fb1a78927aaf4be0a8405f1161068a28690168d7101529fdfe24678aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf0c491044ca7ef4edc2faf3977aa511

SHA1
6c1ab536f74ec6d55a95b20c8ae891f1f3776afd

SHA256
9ed7a6e1df9cceb77a7daca995a69f153ab46543b6f48e8d576a9bb3fb654c6b

SHA512
d7cf4bfbc7ef1d053db168dfc1bd8bb3b99b6839dd8b30dd6ebb22cb4bacf419cef876cac11e74d92827bb70bca64d3214fd647f0ce5d651978b83791add082b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb7d328710e068614b3997209f51e5f1

SHA1
9013e74ed4e5195a760c19c038d887c3053df617

SHA256
85b95f886599f047ad199d0ef59f0af79d2244f94c357db333ef2317810b5d91

SHA512
871d44b9140113a652574d99f827bbc9de551713a72ac4e9d249e0feb12813d4157cec45f013f9cb1e5ecddba93d4014f169da5497b8f208efd619a4c3d6c541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
54c2c6e81cec635ce3229eb17efd41f1

SHA1
cac784a7fca1dcd76900e1a12d952111c713510d

SHA256
cf3628869136778f637a309d47ed9d2357525b92f031be3f603836c12fac0eb4

SHA512
92da13faaea1cae682e798f2efbdd3a8e08f61f09101b7408092811a159b549505320e1ad60b2cea40c4c20c9adfc994419f6f72c992a8d1309a7346fbfa62cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
df5102665607d2889f905a1d4c59724b

SHA1
baffaea16a19be6f35dd8b8acc2284cab8f54b4b

SHA256
d4c6818b78c2a85428c0686218f104034479f0f232908664f6b991720df6f101

SHA512
248251ddc48cd46c3e574991beb4e20f9d7f2bc860f2941d42fedd393aca705bd69b8bed08cc2b67088bf55d3f5b4db3260b77ae8e98fd3cd67cd151cd83ba84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c62ae1bf6b292d5ffeeca6ec0809c874

SHA1
291b3dda77bd66319d752cf992bad80dd11b8d25

SHA256
0ae0ffb1952b4aed3814e3f6500951c4d49334bbcb9ff3bb2913b688619d2e0a

SHA512
667a2610d021e96e47299a78ec7a9613439d2d3b42409997a0fc86fe17e41135106cfc47db91634b19bffdbab15631e024e35cc451046d1e1d67bbed7baa33e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
75be64c1291967ac7c24bf33df3c3173

SHA1
118a45f6e18db47b7abb68bd6f8955f16f337e55

SHA256
006257f1c5bbb56114c786666b2b0c2890fd4942ad535a94d7359a71cff478b9

SHA512
bf2b8e59e89a74e9b1165f4ffa6b22b0b65a5a14ea63353f9b80a5fb8824fa476f39d11e869b609899f3f1e3794f895b0f03a3edfc2ae8f376974b0ab187f82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1f59455b-9040-4053-b328-b8de6ee3cd8b\index-dir\the-real-index

Filesize
2KB

MD5
517fa89634ac9b7af7c90f6de9ea03eb

SHA1
abfaab5f6fc0a734db3b9d34a85113e8b265d075

SHA256
db47f0183679faa1b0d045c5b4fa6aa458543eaff4fabb0637225aa7607f336a

SHA512
85a380fa48163be42a8f3402423022713d4677c73f4522f104a9dd28a35751d9ac92829e0cf154b5e2858d939ac2058c70067c9f71f831245e2e393d98b63560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1f59455b-9040-4053-b328-b8de6ee3cd8b\index-dir\the-real-index~RFe57ee38.TMP

Filesize
48B

MD5
1ab21de1d5cbc550a59f433a7b5a1268

SHA1
9eb53f8f7f1ec4d11ef05772f2e523f56af60ccd

SHA256
80cd68d8e1c5187c72f66e1953994c640d11ae27bd55b23738c8cdae7fd8463b

SHA512
1c9421641507951126d1c3029d3fcae4d73993bf224db2889baffad95e3823e3c10c31e912afcc7038e5eb1b9940319861a36435a4c6cc0660f7e256d4822ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
e28ec818b75000092231e3791186945d

SHA1
143ebab6010ab9df8e0a1cdaeca58f005c7e548c

SHA256
939ea07ddfd9d7bf31a1f1d94b11befca5892c96803deb2bc6887ab79f28fdb8

SHA512
1407425cf6cde80c215e53cfee986ba258b798181065599c65a833d6b86191274f4020fc2142a4d831cf53e15eb02e1afdc193e91cbc2e2daf3fec5dc1a42f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
6bc2913baf13871390a14fb73903c698

SHA1
e5accc0d4c2cc65999ac9399c39d95ca81f94145

SHA256
c914c5c6a8ae3f36d434996a2953ac4255fbd27943427e5cc76388cc1f0aaec2

SHA512
2b79b5deb8909fecbeba64c3f07c56dd7e58d8f61fad0cf6a615b363052d81713cc91a5ad4abf60ff8f4c99a21d18e010edba5f978e28016ea634ef3671bafcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
f286e4fcb594d223b07a68237332831a

SHA1
edb89c6f03cc93b71f552b6047a18f22388b7a6e

SHA256
10d6481e4ca926d369367bb8e64a10dc988cc743ed275e7226441d6ecdec6617

SHA512
04251d2e2a2f590cb6c6e4b952da8148954a59d358574f11911a37f295fab654143efbc038f3fe666bdea6555437e901af4dfcfe2ab68e585d328853a2c38bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
72223d9da086119c5e291bff486781bc

SHA1
836405ba633f48d172a2e2c9e74c96107d118681

SHA256
cc86c2cf47fc536e621fc6113f2c4bcf16c20be8933d4bc810007a0bc681cec7

SHA512
e674be8dd48716090eb12c836f8e62666858b6fb1b27967858e30479a824a3c67c30f46e8024311c25e06504ca83c2468978fa961124383bd3907d72d189d886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
5c6374b1166d3ab76e094d5ca3a7d2d2

SHA1
1549ac3bbb073b90b93b3aa9cdbc2fb13a4a0193

SHA256
620080d43594be0ddd14ca1bc46cd63f6b6d49a69cdd238ecb11541447eb16c5

SHA512
46acd88cd7a054ae1723bd5d43ba5472c88a3be865dbdea707a3f263003c5e3988c34b58bab738871299f271ebf95262b594596b9885ea3e753c804ce4eba89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
24e399dceec77665eec56618b147b474

SHA1
86539a776704a0d50f1d5ba8adb1008dffeaef9c

SHA256
441b3f9a16d6a91d48e3bf5fdc4be2693e6d019b811d7c44973c7b53437c9b82

SHA512
d1190de2ee86eea1c0a2c2c1732662033d4b2671e549d0617b27155503df8f9147028a60121dceb45b9fca4d4ee5891be2a3ac6a764ae68d156f59a266bca7e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e484.TMP

Filesize
48B

MD5
2430b3f33365285da2689b18c6302da0

SHA1
2fa2af0dcd7226fbc0e46689347411e2966c878c

SHA256
e22057893a0570192b05199d238ca9d6f75155d9a813284f176a4322c96e0d4b

SHA512
38f0b2bc94d005b28be7fd9529922e37fcb148da1f519a343998f861e430776800e75200d7aaac0fe84af4231f62cf2038448ecf647d5cc6f83da422d303651a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd6d2ca0756d729acab78f4efecb8cd8

SHA1
b3d52c7bb1c08bdc2aaa892398fe80f496d9f491

SHA256
a7641193455643c8cc370aafa87e98a85b3d4819e159d377c927fd3104a28dd7

SHA512
f2e139937f07a1c307666089242a460faa2925bdbf5718984d2c56c6b9f76cb8efc0cb5be36cb63d3952f68adcba7fd09681120fa1a19f318724fb7132022d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b7eb2b432e163391f204390855cbb1f

SHA1
4b5da1fcc72dae04e92520be3a3a8942180bd935

SHA256
8d068f09db0caf14616b683b611ecc5621503e2912cc14fd6018e4f9990f652f

SHA512
6facfa7ebef6b67d0c92d94fc8275a5e1c0234faf1c7136aefc33d54278c76cb71ffb96f6945d15d4713f5deaab4b524dbeaf417dc4b612418f38c6919bae1f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c701686e614e9bdc3594edb9270f36f0

SHA1
427337a56d36bdd9fc373bdae4d3ac9ce778a5f4

SHA256
7c9feba2b543bcc6a64e1afba0e761d10ef2f9d7393f887980daa28bdcf0edac

SHA512
48add5731d776ad40add8f0161134a5aaf1deb6d17b6c9b2d4b76b53230758b3e6fe6bc5f79f8eedf76716b436d14bf3a0bdecdaeb030e9209d423e94c9bb8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef3e0ab98aab3bddb5488b25598271e6

SHA1
1bc4cf00abcb675d5131abacd9fb4faf25665578

SHA256
4267ac2626aa5235c27c66eba5eeae1dbf485971af5c1d31d857a918f6e0c40b

SHA512
49a9ec29be1aca1e8ea58f3a9e6c52fbe3272289638184bfd2f1eb37fd510fee8712bcbd7b8323608f07528ce0b817810b0934df81caf3420cfa5286359fe286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589c1c.TMP

Filesize
706B

MD5
43aac14be2d5303d9da711c852e82b84

SHA1
15e110e0beb083bfa255263420bfbc96c47af477

SHA256
184d09d29299fe9da2808f6b4f9285712b875dc6fe590eb2df6cd88ca87d2453

SHA512
2e5cd0e0fdb37babe08bf7b219984b88f5d41ac4ea7a1276d96a1bb46b232838e269881492a8e97121cd7a28d1501d0b2362bcec84fe08e3b84fa79eab6045d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ab96f361bc4b1716b83cbc744993bb9b

SHA1
bf5883e4fc001ef488390a5ca7daefbdb7b6a329

SHA256
2b30ccd223d14ca33f72a82e16416ffe6f58eda29e32dde9a7ae2cfd8d361033

SHA512
f589fcaf112b8055fd2afd97bc064568253baf5a37e240d0f5c6289b88d6357731b240fcb098defc3f4c08393d2de25a15d603566a0c5cd7f433b5b45e22aedd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a5cb5c3c7b7896f621c5ef62de613ede

SHA1
fc45f8234b9254cbe5040e2b274680de024be8fe

SHA256
f2ea677521c8e5d08a26b986b266e8c930732437ce3d07be55807ffcf2f58c63

SHA512
631b1615181a3265e002ad93005da4ff4788aee0595a03af600b41e0d6d67eb82f1764820bb15dc0f26b4654dd0378c4a82b74cbb14707bac4e2bc1dc2dd6c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0614041a7d01f4f0e612c4a139d3dfa8

SHA1
590a8210289038e28023728d389ce80b0053396a

SHA256
aea6131ad443989967da436c49130f246a72bac693b640200c3610275de72760

SHA512
fe665e7ded41853f3d1659c7021c630d287319a339445ec6f350a712ed1491301a43152a0a375c7c9a069406ea0362bab531b8ef206d3d7f0a955501f944e14d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit