dc41b44cee8fab6111380fd36aab4fc12997321b6fdc87aa67ec067b430c68e8

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

watch.html
Size

840KB
MD5

38c79a34c9fd1e18a466a8cedb77d78d
SHA1

55a14293efcf1de7caaebb305950b07ac19b1c37
SHA256

dc41b44cee8fab6111380fd36aab4fc12997321b6fdc87aa67ec067b430c68e8
SHA512

15180dadceab62ab1978e61263818974af796793e219aa3b7d83ece00b0583a1f6baba53b58d925d71e7a99a5da5b0904ca0bec7dec6ae419d4eaf6d9faf4a6b
SSDEEP

12288:fqFYFYFTFIFXFvFFFwFSFTUL+M/Ks8sZ/w1:fVG+MfZ6

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
634	camo.githubusercontent.com
626	camo.githubusercontent.com
631	camo.githubusercontent.com
632	camo.githubusercontent.com
633	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661133369169195"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
876	msedge.exe
876	msedge.exe
5076	msedge.exe
5076	msedge.exe
5300	msedge.exe
5300	msedge.exe
5900	chrome.exe
5900	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe
Token: SeShutdownPrivilege	5900	chrome.exe
Token: SeCreatePagefilePrivilege	5900	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 3944	5076	msedge.exe	84
PID 5076 wrote to memory of 3944	5076	msedge.exe	84
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 2156	5076	msedge.exe	85
PID 5076 wrote to memory of 876	5076	msedge.exe	86
PID 5076 wrote to memory of 876	5076	msedge.exe	86
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87
PID 5076 wrote to memory of 516	5076	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\watch.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a4b46f8,0x7ffb6a4b4708,0x7ffb6a4b4718
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7001016322328661556,1931937756323307867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7001016322328661556,1931937756323307867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7001016322328661556,1931937756323307867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7001016322328661556,1931937756323307867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7001016322328661556,1931937756323307867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultccc68cdah0158h4e98h847bhf79ffebaf88a
1⤵
PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb6a4b46f8,0x7ffb6a4b4708,0x7ffb6a4b4718
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,14780292028983564998,7381342102449109499,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,14780292028983564998,7381342102449109499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,14780292028983564998,7381342102449109499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:5376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb5b78cc40,0x7ffb5b78cc4c,0x7ffb5b78cc58
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4588,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4484,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3452,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3212,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3340,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5312,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3180,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3484,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5284,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5484,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5764,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5768,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5640,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6020,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6368,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6388,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6372,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6532,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6928,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7076,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7232,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7432,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5220,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7664,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7684,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7944,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:6264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7992,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:6272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8288,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8252 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7708,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8400 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8420,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8684,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8712 /prefetch:1
  2⤵
  PID:6532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7552,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8836 /prefetch:1
  2⤵
  PID:6540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=9012,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=9000 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7272,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7072,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6788,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8572 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=6792,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=6132,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7304,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:6840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8868,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:6224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8028,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8064 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7648,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:6996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=6660,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=7512,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8500 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=8744,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7952 /prefetch:8
  2⤵
  PID:6772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8680,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8136 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8536,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8468 /prefetch:8
  2⤵
  PID:6340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=4432,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6580,i,13090473547048002408,3937988010838823732,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7172 /prefetch:8
  2⤵
  PID:4648

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5492

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x328 0x2c8
1⤵
PID:7080

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5e93f72d8b560a7ea610adb9290ce72c

SHA1
f907f50c497cf5684a10283408a74be97d8dff07

SHA256
31116d51c42d7b4250b8f6469eb5f266af5f3fb009ce49172d0f50642c15bcf0

SHA512
334bdca545884df23a1244be7206a92a5e0bc36696e55653be81ceca5b6b406bdf7116bd4f64f3cd6a13a1ea213f78fa67a8b7cefbb2ef96e7e5ad346c983109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
275KB

MD5
eedcf0dd0452bbbfb728435cbec08f31

SHA1
f0547d59fdfe97345bcf212cf108d21f258173cb

SHA256
be2b14d6c100a6a873594a7eca14189f992a5d5fc03dfbac80124e7397e772cd

SHA512
e6687fe3145fc9f0b736e40984237292ccebaa72c54ef4f4f284a040fe1876a94176400fbaf632a7d778d099cf101778141508fa3fd916ec5a51bbd3ff95f549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
73dc2aece1d1fb8868ebc09cea816550

SHA1
7aae8e8ed50621b81b86da71797481448f45dda1

SHA256
997e013b38ffd78188c663160c5e294ee8fb27a1ab0942242d12f9f75b5fb2a7

SHA512
a1a77d55be758b313a64b1ced8a6b6256e74f0d906fed11ed578686e6ef39d5e39915caf57e2b9500b58b9a21c8003a56e0be80f311a61fef86c359a3cdde97d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
3e2b443b50d29df99329ff6e25c77cf7

SHA1
fdd4580a792e7225d6d08238925c6835bd5158ad

SHA256
ec7738fab7957343ee0dfa908f85655cf664147228387ce44cb9c4c09e401d41

SHA512
109f6073c1b8dee3ac5a8e241c9c8783fea5a4888b6cba79c54d9105ccc4296344d4575da7c77b2c4967d271cf0d36d60cef9442a1549cb3df0c202832bc3e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e3aab987d5682052c02688f4b540aca8

SHA1
2e7bae4cd8aa675eea47c399635c64357975d7b9

SHA256
dbc7468ebdc4c1987fd499fa764a1e8e322b7ca21893b918c1d90daf867444af

SHA512
58be7c52c6b2db2f2acd68789ee54328d936606fcd201c8a081485e0c5a626bb499cc03a2cd75dc4f72e003c600c98ff0c1243a9bda70c79471bdc5d9a936475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ed684da85246d529901f18b6e7b68a13

SHA1
3ef81103b438784148414a9fbb6728cfcb068286

SHA256
658f8705f655ec8a0f4f026cfdee5cf5d7c32071ed656b34a3ba067ca8065358

SHA512
71d08d9f659a7291b2c022138eef2d628ddc361bbb7416c1cee6f3ec19e4d2dff0185a3aee229709fc7f07dbd9cd8e36ddc1488e45513f3a73a8d90e9a890816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
a0dfbc0bbde753a31a450007122fa100

SHA1
fc427c24c42a3ac6a28c9df56c674ade64fc91d7

SHA256
0a1a29df2b2d2ff1a9227714e9ae5fde6fe15571f19ddf33e2eb7aa9133da32b

SHA512
b4c3b0b286404bbc97bcb5c1b34313b7361e42eed6dabef486f0c24d9dc7c5189db72b83cde87c79b2a71c8e8b581158eac6f78d35d1ff811559ae787288d329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
6e3006c857bc642390d0e2bb9ed3b85b

SHA1
d217cefc9212832f48ddf4910c76a87b58beae8a

SHA256
8692fad782f8cf039744d4876a1f0968d1d7747490d1f1129d2b84cd95fbdd8c

SHA512
78fe56806e9b559dbc080e5596c8713121a773a24b1a5b58e310e5c703ed1f2b696c6afea89ad0fab0df4d5554fbd6834515852784e1e98c43c680867ac5f7d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
ac8b0605c7c54b0878028f34fda09639

SHA1
1927d6c566bf1704b9c8bd258da1bb93585b636f

SHA256
b881eb7c2c0cf0d7d444fd28e947d67339d14686bbea3a72194a244d6dc9d07b

SHA512
bcec1535e273810ebe75b50ee84c111804076013445dfdfd7349d2b110e0cc46a981bac64b00dc7a4c045181b355770f5ebf92bab067edc5e61bbb1a1e7241c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1843971c958979580335fc294a8515cb

SHA1
efd484d64da90ca5ca03f16b681b2661e885cabc

SHA256
ad478615d16eae5c3defcc3a5e686f8bdf66b4f719c6683a45d55b242eda74fa

SHA512
089b3e4e6767b683dadb668eb939b2f00ba1f2c2cbe5153d1d4be95c55c3ed134e129fffe8119b7cca5a40274772d3805f81f8a4723270001939ad62d6608318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4a641d7fca2e60f157ceae4c11f0c575

SHA1
6781b8dafccc1464ad1d2eda081350951203e7a4

SHA256
c9f9700ec39ea56f11a883f3666351e51f91f2130e36c3be4ddd776c2f3d8e27

SHA512
63f18d76013d80daa886a9a725eee2b089727792f13afd15d9b218e1a9d64b1c7b64ff57149f5823cdc420f876c66a658f4a9e8dead2716e7b76e4bdf223e731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6be64c3fd8210599371c51d47bb5099

SHA1
d0c89d374ee040009a1d161b76fac2df873c4d4f

SHA256
172d73cb7c2cbc04956b400b5e593dd2617d463f8b3cfd46d421eeaf9fbb16ee

SHA512
a72b22aa7a748afaac5f8d0c2ad70b40ee9a62ab9731225d443bbf705a44b003dd44645f1930b8d6b0e2716b972addc07d4140ac59511479836122ac8295019b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cb254263d6e9a909117fb7f0ab432738

SHA1
be4290b93d7a337165674f409ee33d6508b2fe17

SHA256
9242e56f949f3a4c1972458c81a009d835019c5b4c1cfa37546459117d91650c

SHA512
151cc6289b6d253ac38835af0ad061ce1996778f4873e8e5300539c8705f8fcee8c5ac9e57c59d2b635c9c15b0080c3d3d112fa8879ea63817abb9a419c62a6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
074a00ded9449a19ce799acbb4feb713

SHA1
230a35d348356a26c42dcefc2c2a97456597836a

SHA256
5448ca7da61650ba53ec4d39460feefd87b289ee410cd734fdb8e6bc1063f35d

SHA512
d04b3e64648af49974db9d02216d03f366a9bf87b27c673a2a34e306de9a0d0fc3cc7b9e5a4a078cb0fd23ca437d82a8ac91c1af32c080886e7938c26a0a666e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d81c90b77013f67d2815e042c9b7efdc

SHA1
45e2117acda3ed704951aded981ebc3b6d4e3fb8

SHA256
186f888a2b954f60dace2a243c86167ee41e73fab5e771e74a9aaa7a0c004a75

SHA512
08638335841ce48971e4f0cc57af031fe3f343d3e5ee0ee730ecd7da367bc0274d438611f04be7ba80597f5c62f3d9836667099d5aa3df82e6f6bd090beefba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d9376d75209860b19a9e4567325ed3b0

SHA1
fe442783f43e3c7cdb021392d20e51d358beffd4

SHA256
a6f26187550a65954798d76736d6cbaafeaf4844ff5e3068dcec5a7a1541953a

SHA512
b7e013ddf99a50a11836290704acd468acbaabd0d4d501cf7a8e23d05beb4ddf5359b280779561528cc6d02f0e1a05b955db2a9d2ea04ab283089ca050788dea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
65b986e377f6fb62e18c26d5a08a3ff2

SHA1
54dc44a09f25397e46dd27a849b1e90f24a1eeeb

SHA256
e940ff833242554c7a986fe9079232df6bb7faabd51590f23ef7628c532b0c0e

SHA512
c8487fd4925d4320627ee15cc1a3bd0deb7557b671f0be49954729564f9f395fc65407f22e5d3492e6dc9d778d8c4b36cbcc91da3896e5ec420c49040f857be7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
870b033867db0bcb237d47c140a608ad

SHA1
6ed3a473df416370513181a9489c5ccee9fb3c68

SHA256
84e19909eef6dd6ccff48a7b14923363d8dcbcad8a2fa712025c26ebc70b5940

SHA512
971c907b858de561981ef100fa371f2756a05254505335ce06016ef4a74fb0ba6e3ca5b5ea73aafe9ce39be72ffebb4e25df714baae830d9b848df3203ac9886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
391a0a8121f582cde3f5c26b03f5a093

SHA1
0130d687b8597c6d6edf044844214cbe02bad767

SHA256
fc81fd145fb46a21e7a1083e842a79ed7fd5d0e35ef466086d6c467514660e68

SHA512
400af795dba953347de327b72965457a948242ab4572e8be2255ff8fc30d91e828bc6682a2a23d7c045e0120b78e9a7e80591f13c852f84ebc1a37cbf77260ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c9abf164-3a55-4fc8-bd7a-2f7b9a422bd3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
469ea15ff089430829f7388d39d4a48d

SHA1
0c0cc17e941296619913a4b58350507daf894cab

SHA256
01bbf585679633aa292d7f073f650db8d09d32e541b8eafa927ee368debb980f

SHA512
eba48f7e176843455e1539428901aae64ec0fd0da0f87e15e2c3776ac54fe85ed5416bd991732d0956234ef83a5e0494053263bf3f3203bb4befbc5a3f8a4cdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
5cd6c9315c75f54e2ce833fa6c7019a9

SHA1
f4e2efb36742004401d9f61e8f73f944d964ab4d

SHA256
d4e34d266663ae347246342d3719fd8d11687942e51a6c08e856bf4d58b0df0e

SHA512
ee5409dfb81ac3a170e5aadcc29595f1e26734f71cbd2b2b1b0768da89ce3f7302d29c9437e3471255e2a6bed01c75100bb8e46f88c0282b38d813c94cbe6295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
2b9205029b05277c271be460c57f7132

SHA1
88e9630b3e9f9e1a258c8e74630461eadb34e648

SHA256
d4197617a56ad585368823a6cfe714a789746bd0af08ce37f39c6dc3a113f862

SHA512
dcf203d360bcc4466e8b801d677ca1bbb4c0d5d7ed32a9d83f66caa8f3cd7516f43634754422898f8bc7973b690c9aa2dc6d5983d6edbb191e8d32437873a743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
42ecb6c8e1d8eda2a268cadbf226b589

SHA1
44a6603ac8c5b64c9d09c1cd8f8aff3dc0725abf

SHA256
93821532b94dc67fc07355c0887b99bdfbd46cdd8663a6466ba4a6c9f83fc968

SHA512
79e0dceec44570d6cc647acd7766ae882c6420659b34d2e70b9aa5f2bc0e91106f876bc62718ebb799ece8b6bd7dd5bd67ad3b7644134c147bb5a71ae6090016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5c38e944-0837-428b-adb5-b99b4e2f0df8.tmp

Filesize
10KB

MD5
2a0bb45b43a01f44839720164a43fc90

SHA1
419d2e0f39077fc0669e98a5e57aa49c5b28536c

SHA256
9c9e9d2d259d90c06bad8001ecb348105aee4c113476d75df21431058f547ed0

SHA512
e5036d2e655076842fa0a1b812ceaefabcc1d3414adafff2aeb9b98010baadbdca724a5cc0877222368bb9daf50e812103d8a010e48ea216fddeea9dcdfe8519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
abdf27192aec38e6490db06b5b7fec2d

SHA1
cc714e5c5c9bcaccd40005d1879a3eea371a72bb

SHA256
41d5f496be666b7aacecaa474806371a4dc58e90c92454025eb09d85384db849

SHA512
66f1b72eea1b8fc4d11e75ef5628dbf16973ca9bcec397a52965ce54ce3bd23d73c141e7e6a00c26ce6ff331a84b961ba12f84a57a83acd72334bdde7fb893fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
fa0b65dad6601c2c9b1b7e24ff59b6c6

SHA1
825495df19a3e1c2eec0b5a4d4bddb2378c5b7d1

SHA256
7b6688ce218c06ec5a0d7cbd1992782e31771e1135fa4eff608d219500ee57b1

SHA512
edf87b5663a1824d891acb06645946ff8044edc6d3e0efb3e538abbbb027dfb50ff45d2437594df7e1abb91e6cf47cb5cf6f3c8991f232aadc5126580181f022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
584B

MD5
b8ca8a1d01d461e9e945ba997ed0423b

SHA1
d30bff098f86d7cab7e2cd2c50da61c13ce09066

SHA256
9bcf2d707b4d6e82cca5055b06c1023fe5f4ac638eb5498eae997b7fb7b02ee7

SHA512
abb06070c22d0338c23596e180cd019f67fb21ed9117b26f1bb09831427a8c083030ba6bd59939881e26a7e7fb6402bc4c58170bb769bf6a1605e0ce9bb2c655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fc4152079e84d0dc5db4e4af156b1d75

SHA1
8374a740ca0139dad39e22e33864bb0d0a1812ad

SHA256
0cbbc674d244e31b57a9c1068949a2c8ccb91718133bfc1fe07ff1b84662df05

SHA512
5c66f0696dfa78d9fce6659d2481462d872fb259eb6841f6c780393252c19649350879589310dfbc0c5fa906319db3693593ae815baa1824b0cd067d9886d4be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
79b2965bc83d4067201e28cf7da43116

SHA1
54caf301102737c47b3ab9c0daf073f37a799bdc

SHA256
77fb945e0db8c6fba76f2fc984f9baac8f87146ed962a4526daf3b91f70b6c83

SHA512
f55d137ac97fc86111e3e61bfe4aa0631402590f776168782ba4586f5d894632cda77a35536e4cc97c7b552b0e6c67deac99836298b1ecb2b712c469e1ce44d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
2e53d0f8b6d121e2f3c8cfb93d33f5bf

SHA1
70c5e39632531509df68db3f017466ca1f993ce1

SHA256
24cf181b0927085ea54b507607695427b709e0f925b1a966870be47034466fe8

SHA512
0ac4378d4e2960b37d13ab968111cc1284d26f3e09c0f86ca26b01239adc3e0a263560efd6694bbca7c1221511e801fd99675ab007b4aac6cb2dbcfcc52d51b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
038f4f299c66889e435d4a434b04f357

SHA1
c1f2190975f3fa5e293323815960895a2cdc5b60

SHA256
618097c4a489727162516c97faa485bde73e02cc0afeae05270589f7131f4a9a

SHA512
aebff9903cffabb4c37c128538514f8a6016a82aa2a375288d2240e1f8a1d3009a79db444dbef005fdfc1df0068b039e7b6e634e41731234d8f9db06b13c26a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
2e79779a16a63919f6f36fd81efae319

SHA1
769c6b6f686e8584def7a5b86134d7101e13cd82

SHA256
1305c5ff9ab2a99a77076eb90f600ac233c017ef1bd79894c31f9fd41daf2b53

SHA512
ba9b69845d23737b297f7ea9f2e4dba1a5ba76a560886eae10d0fadf555f1f4d096c66e7ab07c7ed4800f6258aa8f886ce252be095f367f2e7d6227764492c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
6B

MD5
b602be19402c25a78921247d5321c5b5

SHA1
776342336a06f2d240f426c7a3c29422cf7f7a3b

SHA256
184c29f0611d3c50ba791fdbc6841fb0fb2313377d1a3bf76860f7868ffbfb84

SHA512
eef46bf00744857d68e911a541abce4da2d2ece09d7346d5e1b9dd9321b5036a294cad788faaac678d2b4b6defa1240f299e110907ccf4ea9fb8027219846b72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit