hxxps://www[.]wemod[.]com/download?title_id=43830

Analysis

max time kernel
221s
max time network
222s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/09/2024, 17:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.wemod.com/download?title_id=43830

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133702889797748178"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-242286936-336880687-2152680090-1000\{A3F4FAB2-F8DA-40BB-9DEE-DDE283BCC71F}	msedge.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\a (1).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\a (2).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\download.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\download (1).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\a.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\a.htm:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
2544	msedge.exe
2544	msedge.exe
2100	msedge.exe
2100	msedge.exe
3212	identity_helper.exe
3212	identity_helper.exe
1160	msedge.exe
1160	msedge.exe
1132	msedge.exe
1132	msedge.exe
4252	msedge.exe
4252	msedge.exe
2720	msedge.exe
2720	msedge.exe
4276	msedge.exe
4276	msedge.exe
3272	msedge.exe
3272	msedge.exe
3048	msedge.exe
3048	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
3644	chrome.exe
3644	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 3772	2544	msedge.exe	78
PID 2544 wrote to memory of 3772	2544	msedge.exe	78
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4716	2544	msedge.exe	79
PID 2544 wrote to memory of 4660	2544	msedge.exe	80
PID 2544 wrote to memory of 4660	2544	msedge.exe	80
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81
PID 2544 wrote to memory of 4216	2544	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wemod.com/download?title_id=43830
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff909d73cb8,0x7ff909d73cc8,0x7ff909d73cd8
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3992 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4324 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,11071542159300523253,8861108616906892586,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4392 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4968

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E8
1⤵
PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ff8f668cc40,0x7ff8f668cc4c,0x7ff8f668cc58
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,10843834185823215796,10999015014083081427,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1792,i,10843834185823215796,10999015014083081427,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,10843834185823215796,10999015014083081427,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,10843834185823215796,10999015014083081427,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,10843834185823215796,10999015014083081427,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,10843834185823215796,10999015014083081427,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4968,i,10843834185823215796,10999015014083081427,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,10843834185823215796,10999015014083081427,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:8
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3536,i,10843834185823215796,10999015014083081427,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  PID:2844

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:536

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8ffe3b53-b844-4a14-84af-7a90f2571c01.tmp

Filesize
195KB

MD5
fbf690e69befcbcc637de9abbc996163

SHA1
e3621704d33391484164424dae3173c591fcf8d3

SHA256
24ddf56adc80e135cd69ae98ebfd47159ec86dd9dee967557edbec8c984c077a

SHA512
f261aecf489b7de64e2299cf0e59f1177c22a2a540e6bd1d91ecd2cd1f8398c3f90fe0ae69f5eb5d9b1823c3a2dbe05948e3b02e6825d9d3543c78199436882a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
399bc4966f2643ced493294c56b4798f

SHA1
7f0cb2897894cf637d74b6d325fc4b6e186de294

SHA256
7204d969a2787a500afeaae72c97708e783555d4a982cb4f73659fe2988bf6be

SHA512
b06a2b6b404e162f057b06e4a202231aa8e5dbf08dacb3dc31c4c544bd7acaa6484b984bed0ead162e8e0ea4ccd832d9fa8ea789520da2669e3b1baf481524c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fdaca0d952c8d92a5568a430bfb84424

SHA1
ea905fda186aa2c370e940fb66ea1ebd06106a65

SHA256
8c187689bb1d85207d24c37d5ebc31bab89ba70e206b76bbb25b10abe7f7dd7e

SHA512
c3831cb9ea29d7d4144af8a90a782ed309f9cf89f5ee71b598ca2829c24ef24a9484ab61796529351f2e8b30bfbf1db52abbc68e53b358f33b4f1f2189dcc61a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
013d1747530f836e889ce382946541e9

SHA1
2fa86a8e719e85199849c99603848c28978f2da9

SHA256
baac83cc6f97820dd8d6f9fbb7f76cb37611f78f9456d8856e9d50de7b7b2281

SHA512
efe1980a7a704ce9fcd20911d92271f77889a41ae416da0422c93d0f0956b2790c76f768ba505f88e8c775f35087a5b72bdf01de37a37c90545d5bd66cbd981a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ac8b9e03282904334bd924c9874760e0

SHA1
2c94d5a480407fd3bb4550818a5068c31af0b3fa

SHA256
695c89f756476ef777b23fb24de9a5c4bb2215be568aef80ff7635c9338d9c65

SHA512
e3403efbd05c5e58d3a4fa7ae6d1c3cfcd48f4fa5d0555bcf91a27bb464d8822b7ccd4abe2aa68827242c4b2086bf976ddcdb53687e3f7f395136f4bded5bc5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
b79ab4e3385ff3fce604c5791dc07b64

SHA1
446546757407680ddbafbf603a067dbb60e62188

SHA256
8f22c03ae3d704af3882215f3440a3aa1421226b14f7c974b0b41bcf9bf86aca

SHA512
ca8c37ac981baf60b6414d3658ec4c828be416e785ff33df8e4f6d063b353c3c4f67d8351887fdbd57dcf00c3d5d0feced887354722ba2d10231098cfcce8382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
446de504843da73f4f1df5eae74145b3

SHA1
cb53b64aed35a563fe0b3b4b4da9af7f08136e9b

SHA256
c07470f4bb4d007db61540d0a00917ec4c44704581c4d26bd29e49772225efd3

SHA512
dad1836ee0a0b401e8631aeb6356787181a86a4a00ccc9e6bb4fd6a8f39923bfa3cd382d1e5268ccda8f53f8f911b78dbbec5096cd3dbc3bb7552fa3525e5769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6596864df5843850c7a4c60658eeaf0e

SHA1
504399a7cb711c4a74c2e6e242fe49c476129b6c

SHA256
328578082b2ec8aa2421a78044f2da8c6cf9bcbcfaa2035efddf6f83e7544c26

SHA512
f380d30f031b200ae1d2fc79cd0ad713f3678e781822abbc80ebfa2431f642b65609798b65708e39c876aa4e9a3305b19fbc3dd8b83be4f20c0d8f86e6c1261c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee38bd422524b0321d7329c2363095a2

SHA1
1b9267dbf6682f8426faf737ea218a558be6cda4

SHA256
af73cb9f49ca3f9f67d3b0c9b3255483cb75b7939cd760e5d9ec18cf6844369e

SHA512
b04b53187e895a08abaffd35fccb8f4ca9a5e3e78f476ddb173719b8b239baa04cb494c9bdcedb9e13533205e9adf1fa0e8fb0aff4bc859ad231758cb5b26646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82b83a037203395690f60759569af399

SHA1
fee9b4448ea3947500db6a31e9770e3022cc6503

SHA256
71687e3477dffd001028b8f4f46348576d393bb19e2d6fc7f1056fa771e4c873

SHA512
5c2e460bbc665110455f196941b3bebb2c1b26dcda612f946518ef6dc06aac5ce7610f1e0bfb718bfeae72ad0b060c9fd1d7c4de97767c853f6dd2e53a0acda0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35371d178e8f3721c1d33594289e396d

SHA1
d67a5653584573186498b67a2ff8cf8dae0ae51e

SHA256
d51106c1b284c5186ab8da95c745a949f6f755918b1b5f081035d86783a1aa5b

SHA512
090a18fa503e9af9aebf2579fd7420b14caf61e97e0e93dae52d727bc8733c02ea5b021b951ad209910be2e6fb3dfbb6a72617455021bbda226a1cb321cdb562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab620bb6e51a24aee819edf832c6441a

SHA1
7f8b19bc2646ba18a53d8585bcdad2e2990508bd

SHA256
c26d57a4c079ba8287e90d7b3a9658d5f23e59e6818909aa036ae4643d920835

SHA512
e187275c765c9269a9cf788683b2bfcfa394bd859d56c434f7c8f5d7be53ee90fcc21d20934d740b8f5e81a530a108f6a7ca706a9278a7a0dccab800792d1717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6976be5d017475e1130a78fcc65dc457

SHA1
49e788e1042d3b70af70d3f462ed2f2afbe84f3d

SHA256
7364ea391c3040d7e580b6eafaac5afe78ed27c6e38bf02437287e295eec5a95

SHA512
16760735638e767e0b89399b3c78f2b488b621e03904a8a6a0905aa280c1fe22cdcb9826e0e9edc72cb8824c1c7d40bd9810bc6d5b375b46bf0fc7d9b2e084f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cd5c46d3e2a7e8f9516956bacf238f0a

SHA1
54b2ac1948d349c58800cc15f95e0da5537a97db

SHA256
319de033dc1ea4ba6b3eba48aed180c544723900ea685feedd835b35cd647658

SHA512
b1c924c952cb7905798ff4006e20acfbe2554d5af29488b3e580227888fa254694eb811f664bbd810cbdcfbf71f22bdaab23eb3c8877c02447afb024c46230d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
600b9a3056a33872d609ed1530ecc8f3

SHA1
7d229c93df406023d935f10dfb7d853551467f0b

SHA256
01fa00e674b776919759041b678067fac46241ef1bcec196fc33243b6a2f9770

SHA512
1d3e911120804e6610b9dca2ded80e1d993b341df344339d5f4c8e556b9f20bcb7b669573e15924deed5a2a14cddc8c3567d0c60e4ce69a8a6e7def66fabdeae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
9101760b0ce60082c6a23685b9752676

SHA1
0aa9ef19527562f1f7de1a8918559b6e83208245

SHA256
71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5

SHA512
cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
54ab7882085a32f5cd524f2d2b2fc3a9

SHA1
53f6361c4164915ffe0280f5e5ce8493b4d8a2a7

SHA256
acfd68f910c785cd62015bed7c3fb922fdc9431329a429691a15078b8ce8b03f

SHA512
1d6980b6e1e62bc24ad4cb95e06eb2309097d6eb5154f80bcd43af26a0e4e12d8099f8602136e2f9cc8cfbd42ad6044c5ecbff2146bf60cf9312d2c8df6262f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
18KB

MD5
04a89c2d1ed6a09f50add663e436ba1b

SHA1
75caa167964d20255ad2d6c26f72df8022fdeb6e

SHA256
353bd8932d774fba03ecedec6c78f100c66d05ca80d5fbd2f08c06caa2958b84

SHA512
e4acd2c6d166850086a69f44b8670710e168a6362624023612acf49b2aafaf75e743e838f65edef8127b42799e59eb7615fdb71cc09b4f92b16e653f42635ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
67KB

MD5
6ff37092446768f3d4b5da960af6265e

SHA1
fb707ebd950f27a67a3e8a332795ea9b7d1c6e9c

SHA256
b00cdd5e9529c58878e88259117a10b54d1b054e7734906c9b5f6c36d5cd1bb2

SHA512
3d021e19b56cb7f656e870ab7f48758b82f9cdea11004f92ed708e99ed724bd8c9f035a5a1ac83ff1c75019e026b3c85c88e97db81fbb6028a609eb4ee12dcef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
65KB

MD5
ca0694b154b50e0896e6a59b8cad4acc

SHA1
5cfca36f64a15e0ffb7d9e3a9d7c14aa0c3d3e28

SHA256
12ceb8bd46ff3107cbf4aed4b6bd4209f45d37d0f554feff843ea8d7df2e313a

SHA512
b7ae0e93e0f522e563833dd16856d0baac5bca2d99db04dd262842c9ebd675efc480ef0f147135494410d44ab092dd2882ecfeede5681110d38bced3e571d390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
92KB

MD5
edadefcbe4fbdd883792920a72eb8113

SHA1
9d40200be1c744c718cde42263291cd8760ab598

SHA256
77731b77add284a8f12e053f650746b499acd6684b4b227f0b43851cf0cef2c6

SHA512
6dd827a98e9ea76747c9362430315242a61ae025d4e5dc46ead86f32fc52183e4677779524863357a1ec568486e9c670f125ed5c43fee9c98e1e461c4e325b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
36KB

MD5
0fd6896ab0c75efcab1a8ceb7b5459f6

SHA1
901644b28a488ad856fd6b65b0505447efda0722

SHA256
98b8425b419b3b12235bb4c576ff1577250df83097889e82dc118ba3062c555e

SHA512
cff7903609ad320395d09a2cb5b4cbb280236c1d793b69166f3bf9848236aeb44168801af141cda00cb6c394dba210654efb815e63715ab186813ee3a21fc5ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
30KB

MD5
6709c94f3ac5ade4701e9fb65f7a3b18

SHA1
8bda98d3dafa72d27da0eb82c1c9451cc1ed1340

SHA256
065ac04e643bbbff55d29b5527122367afb6980d6969afaa70d0c34463515cbf

SHA512
42891748a1be67a3ff752273d1b7b1596cbdcb7fef60d0751c653299d2e46b729f9a8f742e9574b07485783b463a2ceb3e4bf205a7c6b18aacd45041f9aa98ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
27KB

MD5
852d266f48f3667191ee55a0fa8c5bfc

SHA1
9612b35372c606431f9f978134350b3aa64cf9b5

SHA256
78b87d74027660fbf9875c84ed426e0569209d6782082b118a4eb01f3111872b

SHA512
594d9e6b7f8a51509f0f40a038f93a4aa036a97345143dd3649fa1517a9e4e5734b06c85b4b94ed4ba842a6f78b815f18ea344bc8f0cddfee230662c5320255f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
22KB

MD5
674fe0f9f7d0a4d8811ca45ed1d49d3b

SHA1
1b298b25d815fb9da03e2b5f8667a24e97a09a13

SHA256
eb39bcad79b5513d93a262c50c9badefb8baeb2411c9b4ebb69d42dc06022658

SHA512
4443a2eaede2b9c58ea9b22a188a9ced184c74cb956712e29253e395be0d1b912d87e3bd0a8898e998c302f5217ab5b50f9d0236e24ed8426b56367684ac9940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
19KB

MD5
8b7fab2509b32042c477a316647bda05

SHA1
39f4c08ec853e507a90f1ceba6d91ca70d6ad178

SHA256
304819a71b4115b71dab41fdf99b750cd2e8dbd55c6f05cb45e70602a77c98d0

SHA512
d551e43b51e87a90d8f117b72c3cd2bdd799240527e346d7e365290829c41a83fa8caea5d441f56e06e57290463602c464fc811cda1091e6821fffbfdb540336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
57KB

MD5
8555657a73b1980473ce0887a2250b5f

SHA1
70816655cdd058aea3a4f2358db65fcf76d291bb

SHA256
a8efbcda248f73ca4e939ae858eb2aab8983388ce68b75ed695c960ee45e465a

SHA512
354bf500d5889c7a74d86e2747adf8d77dcfd7354ba2e6f63f3aed12d25bc3752135611041ac2cd0e0602b9841334f1d4ce165a7a3bdf91843442c88e2b85e22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
43KB

MD5
10ba9c7d84e0a14382445eb0ea8dd476

SHA1
927090102f9a22fa4e8eaeb5138b337282aaf780

SHA256
b096eca7fd58058fe8254fd7bf4ccaabf645bae13b4bd7fd8f1e28f861234e58

SHA512
816653eb41ed3dd1e4160e46a3d29f677c3c86ff654b374a85106c5972780589476151895035ef2967e8fb1839d2c2f0abc155050e586bba4f8b91f0b6f72de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
25KB

MD5
b31ce6ec62ca017fc345805441bd55b4

SHA1
1bf3df47c4acb052f6b03a498a5eeadf6f5844a7

SHA256
b90b65c29537be9fd1bf6f4d18191acc70208ce9da937f1d7e24a7070e37c553

SHA512
d00e593b5baf71746f01199874624f0fdedf6cd63e3a56a4be9bfdb7f236336a6e2f7e0834c3fc90e5f1501f2013f430915d8f662bdf1dbf3018f6a5cd4212e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
38KB

MD5
7db9b2a02abdf3af23007021a1448835

SHA1
5f68a1123ad21289dd9e611fcbf66f868ed2d999

SHA256
746cb4b52f1ca315a7e7d52de5bf3144662bc05cd572e74229772628840de176

SHA512
e21384881340f2312eba55bc371e554d53a261b6314233e13383ac4cd1e6e1b590a882580983e9521b15b0d8f37f90c9e31dcd5df573306dfd46c6e30a696f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
30KB

MD5
26af04ca4fb4ab03ef3adb4707801389

SHA1
c9af56c7566ad70ebb66b9227e86f9d188507c19

SHA256
002da5525aa0dbfbcafb740a262f92cdaff02c4d625ff39a46419170c23d0be3

SHA512
fa838a0dfaa1f353b2a6f090301c5e8d5791bf04fbd6a19d3ff92514d74ce40ec27121201cfb22e7b0a81f753a0f1cc6bc680c4cc3984bfe086bec38ce92da4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
26KB

MD5
3da1b32f3cea9aaaf81d07936d882d08

SHA1
22bc8f4c04ddb02422cc0b4c16f38409d1e2243b

SHA256
d37606c01874c0f852fcc6fca374051f6dc9a128b34e57a5de2d31e8691bfaa1

SHA512
9264b1740063c897fa8f0e382e3b41e8ebd188c8d0bac6ce22a7607503d18ee25d48db486715f15ca2bb1ecb05a5edaab2a2546962bab95cf8d12c0a76eb2e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
70996d42f652465c51547e639d16a032

SHA1
c40eb63c5d47070afdd085f48bfc91f42ec15f22

SHA256
a7a9a9cd340d482be9b4815350ee1db2f6eae7f7c2b5f174b1944212ad90db78

SHA512
6b1fb4aa7d2e9bd414ba173c091078ea880186ba0a0e65a911009dee4390b3f434b1140213b6f4b74f004e2118afd0cae3bb75c58d0d2c424e391cf03f891790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c5e4086cd750e1d4c084346bd894e874

SHA1
88cfd4c3ce124248d4dea72bd9faa05fe21e5812

SHA256
e125e6beee9d703153290dd4a57b879ae593048c513bc5774a6c9c78187be9d8

SHA512
8133b0752f5d2bdc2efe67a454f6c2dcf176ec65668ba48c9da9190c0667e70e8b87812242c8456dd979d5bcc9c8155aa8f06f50ded00f8626f290d15f784779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
869cd999e654a429e42c32d27627354c

SHA1
0051f54a2aa2d3bd9a158613aa70cf73bace51a3

SHA256
08358622f4fb95e0b5d60e2dbff8c9a7852d4d784ab200621e7c05e7450238b0

SHA512
8e7fb3a2a8a45222c7d3fdc3fd31a0224a763993ce130e85419fa7bbfc87f5501225ed6ab0846303fd018b47cebafcf4bd6d35b3401614bd374222de5f7eb7b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f97247b7d10c69d80123edeaf9206bf

SHA1
2bb04795a17c38f157ab692edc315867d6f1a6e8

SHA256
4c7a6e159ddfead20ab5acc26911e88b26d9cbb14e334f41e6707f18335139e4

SHA512
21c9ceacfdbefef5e2f3ad4d82a09501de89fecc8ec9830741fc328cc20b992197b4a6f8387c2491848b4d7cb09a9dda40005362d395a143cac4da24ab5f729c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b44fb0d5d0b22ae7d0c80f46bc09b00a

SHA1
576b493ecbb512e584bbfa260e761cf8f9a9a11d

SHA256
fa4f649268753c2d81f38820b7c27df17425afde04683dccac8f56edeafe3932

SHA512
d52bfdc0766ee443b8d4086b4304ebf4f9e1fb229e24fea20997ee80eabf59079531fdff2153d6da6f79d7972616c037b14c25dc5e1335dd2f946edb61f4a25b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c0511e8ae014893495fa40fac62962ae

SHA1
5df14408da740c13d6196f7ce6512c81eb67210a

SHA256
3789bb15acc11ab06ba561af9af43a9ec30d42dde65c729a00b497166c53b193

SHA512
1d9a69288aca4da0bdc8586f68bf96fb563d779aab792ced83a4fdf8d6428d1e592c43844a94b1a5d0790e2341409507eab6973425fa63a5479e9e06cb3c4d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ef7de3eff250eee5db38a277b960d7d

SHA1
a66de39a41384eddfe008aca7a6425aae1debb20

SHA256
78fce8d59d1a8a15dd657192f3d298ea93da66e4f484553bf84fce2adb15a108

SHA512
e28d866821d8da492b0c41fd9c0fad7f9ea1c537f153eb4b912eaab32cca4ba5f89be8b0ea23ee502ba9f96fb353554c4841ca2a96f36492cbd64c4d6da42777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f291bd7a98814180c28b628685462186

SHA1
e081309d3abc3b0ea2859be12dc47ddf259d04f5

SHA256
538dd395f3d85d203b41e804bc65c8468164116173ae428b72786590300333aa

SHA512
aa8acdcc65608c43fcc2f17ca49268b74df084ce5d6391cdda47001417f6c7838ece9ec0eb41f79c8908c129e9d344405916413735767c4f3c9eb002d4349713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6367580e9142c5bc5d4294e039522fa3

SHA1
7efad5893269017e853cbdc1d7b6564a46efdafa

SHA256
8c92521e16f2995ba6d727b2c35ca7843a9da862621e11e3f450a6a68b261dd0

SHA512
5755da6e0d39553ece2ae961ca5549181603533d4e5d96b59b9ac26fbc7214fa3e77f1b89d0c97ce53052caf0124e104344e9915383beef304e95209c79bb663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af518b73a8c90da1cf93ac0e61964ab0

SHA1
2892906fafd1d943e5609559e85c6c86324704ae

SHA256
eda517de37aa22bbc7a34fa7989ea51a80538251b6e808278fd9d2763f973bb7

SHA512
12f279d8ea16c06853fcdc4a12c8f04d695651a5d0cd8f20a464a64ce63d18530df652557494ad68c02c884dc07493846c31b2fd0270b152cf4ce6ae56a5aa34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ff548fbf3db96f0959665d72689af60c

SHA1
940233f98168b2dffaaa71c9a840c80b7ed43d9f

SHA256
651a2bca93b35f78674f41b8273211dc7577fe3efc370f516659e9d741f6c83d

SHA512
7d4fa5a3df007e6fd61026443bc6f36a03eb508e9c3c8fccdf688d1c539b0b47287c604e4ead6995a68b0867b3f31bc96e58a123eb5394b89a8d09a1afee7d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1f9369f13de9195b901cc3e90ed67e07

SHA1
5c1243e9b105f8f614e7042bc046d0effb652ca3

SHA256
e4b7288b411695d5b31deeedd9e439eb9b66d4b6e781ec89a32b4b43591a058e

SHA512
f97567b529c4e240b838114b33a2f62b475f2a53b20a8d8bf8105d23577f3e81bd6ff868b7f1d4241dbdca54b7dad6e155903e75103d9969bd9a6aeb2f464eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8abdb121cbab8417a30ca559edb30512

SHA1
d057384a9dd10308a33564b323f4da762857df23

SHA256
9cdcac2d44997ceca6dcf95b18ef89d5f8de0659af222e979036b9e78adf216c

SHA512
383f3fff9b75e1af9dd4636fdbf140f20d27ea10901ef45bff45d3e9157abb164f629a2209ccaaa2cdb619bbcdef5f646fc5b97a6fdb250f1fb5289ffa92cf6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8430bb2f49064bbc7df81d55a482410e

SHA1
bda483e3ff878b7e714cd33e086fa807fe31cda3

SHA256
39502ba600698e4ceb1e2998874738080e094b074c17b07abc7d451a77422365

SHA512
c3590dd4e44111644fd655c6cf12860028326ca8dad944bfef87e649bcdb24cf8429ca60d3f42eacf6f7b130d03a9b22d8f800736dd459f6a4d8fc0202982091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ed68c362ff3ffb58e2997ef7784489d

SHA1
3cef32a123d429cecb9ce117f5da0a000b3c4bcf

SHA256
39e2595230295da76a2dce7bec23a73a94f3343a9b2bb118ae2b921afaea894f

SHA512
a6ea84b5391276a1bd52232d47c794211df50bef020e327a599b5d2e999e43ed3633c9b984df1edbba94572e98f60bf01d5029566b59197378ebdb9a6ed418a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0fe8f188ff621b5e66a26e669a3a1a43

SHA1
7498d8f18484fba38dad8bec499029c65a6e839f

SHA256
358672ffe77336bfc2468e102ed779794aed9e755fb85e7d3a538e93d9afed34

SHA512
99d9052a20528ec5772fdec681ba12096c738b782605c703530856eac65544d377c87f9cdf80361c21b6a1d01e73da9fb11fd41714539547a0555cdddd98ad5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
cc48e08af5fbcdfd191e579899ea4f84

SHA1
e9984c3186198a7ebe12ac7604b318cb0913e3f4

SHA256
9a0e18299d49b8db3124ec305c9f257474d6d7bedfd9d28f7f4839d501510554

SHA512
1bca562398f47459bf329ff3947bc41e5d112866e54356dbb237d86f1607c15ee395ada3a1af3a1ba89ef82f62a94056861e5af273940f92caf1633f442e3234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5815a6.TMP

Filesize
203B

MD5
ea7937ac12a1e780a1613cf62f49b40b

SHA1
5f2f56a33c2bb1321315e3fa757aac9fd3b72323

SHA256
2bdba20c05cc53474a4eea2255a45ec51f893d48a25346c4f73d7b5135c34b1c

SHA512
0d3632ab443f861b2a977ba621f98a2060b00aa8a9d5e5e12b8a0cdfd6c1d4676d9f3590ea751c10fcf29d1c28c2806b074416cfc1336d141221adc4583345dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
9291375e070da2245958e0a4bdd594c2

SHA1
92ccde1c4938f99cb231357b5745944b66133da1

SHA256
3d4ba3a58e175eace8b16c76b20719b3a0b9728e7e6774372762f6b9d407e1c3

SHA512
0b0718f618ee473d921d340cfae04f7c004fa614209927e80b195f43694ffc17d16008fd2ebbf7b4ba569ecf6ae00889bbcaf85ab839bb46760185f9bd2a765b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
cddbb073abe9b04ece2cb6cec75052e8

SHA1
b0f7c79dfb1a3897fdc62771e406cea3447bccc0

SHA256
5be374b55188ce67648deb1a89c08a599e70bb0b4a2a94b8a10adeefba087764

SHA512
7d7337071d3e1522a4b56ecad5841f608abf428b161f6cd824854a8a450a6269d5fbc65f544b57353bfcddef1a34f4473d0ff3face1c0015311ead14cf6db39d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d4a6c9037b9abe4dec1cef1ceaeadfcb

SHA1
7c6653f64d8f71312c76fe8fd58f981bd4e9ee05

SHA256
5c157a84bb153ea9c2b5fa8ed96f9cc850dd32117f01085184711544f390f285

SHA512
b06cd664bb77b593516760491c193cc76d165954cf008f1ce711cbc1bce8a7974cac302ee7bd3895a9c57b06f4f269fba9c5e2a960c39a8a7a6cb9f32c35cbad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8a2b744a1bb33fc6ba37bbe006bfaa77

SHA1
a82d045bd1934fff4739b1d212f3afddc0dfbb4e

SHA256
704e88fab1c6fb64f97c7ba58d85d5a63897f90481cbf30d915b09e3b4adf7ac

SHA512
8908da04a7aa42e99394c1cb58c29905c634bc470267a35a1e62269a31dfc4092db94271757b05fcac2b7d0d9f20d6dd2cd62f0abe31af5a34fce812b54a330f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ff27363dce1a9ca6094237fb884b3db8

SHA1
dfdf8d5ef4a731ee5c71337dcae5804bc82ea186

SHA256
4c25a6203c97e0aa0aecefd4a5c72d53049cf7e3d8ce6e43161922f741bfcbaa

SHA512
64af42c1581fe784987c93ef94f63cb29ab6ad257ff373c093a4b0741201d9b2495a27bc6d815a114bfbc764f138dda741f5389df59ed29bf8a42d33ab8b30c7

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 474210.crdownload

Filesize
74KB

MD5
11c4065f399f77a1c9cbbd8dd6b1fdbc

SHA1
2016849c5ab6b805bf76147fad366e6f5446be23

SHA256
b1a570987f1b6380f9cdfaf76b9ed1f64a4a07b3dddde41749e9755fb55411e4

SHA512
52c85e967831f2c57e92acce1ec43cc6789fc355f4b4d5faf765fada69037f5d4baeeb24300af750c2ed0a0adbbd2b2278f114fb31318969a52662bbeaac3267

Download Submit
C:\Users\Admin\Downloads\a (2).htm

Filesize
1KB

MD5
bfe95a31391362b603a87a13f420fb55

SHA1
6bb30ab101c6c594457d7e139d511b2865d97e86

SHA256
86f55c6483b17765a217f0f2bf2fa93e50b9b57b7d24bcce0cc4010c1a5ddc07

SHA512
c0a3485541fb3fd2effa11f14c9eefdea996d69ad02f8026142f15dfd3f0d12916fe52c9d2f14e7c38e2f38abc05355f17b538aca6d9485e1ade70266532539b

Download Submit
C:\Users\Admin\Downloads\a (2).htm:Zone.Identifier

Filesize
489B

MD5
4977140ebc01d49062f192d4ee688ced

SHA1
6a6468a31e8b1031a9b5bcddbb7570665c9664bf

SHA256
d01e38c33e134b028ec5594a597fd57d0597df28ab73232723a8d349fa31ccc6

SHA512
6d3245475d7ab48d4236dfcc5b5e385a391001f58adbfd1d6d42ebbcb9e00c07015b8d39ed1171d2ddb4a4e3cad22b5760cdab04e88e562594b77c468ab05bea

Download Submit
C:\Users\Admin\Downloads\a.htm

Filesize
1KB

MD5
ec72a756f6c75a1897857d1a87d0cf86

SHA1
0f1af7b5bcbd1d24891321a35e1818682acfd0c7

SHA256
8c065223d4d5a37ab3a9ed17a6f009627f4a00037e4047a75218783522cdac15

SHA512
37112f5bb981c99290f0e037ae1eb24d9bb57ab94dcec82820477bede6b81728dabcddd513512a5cd2371c3cc9580585c874aea2aa0e1717a7733b06285894b1

Download Submit
C:\Users\Admin\Downloads\a.htm:Zone.Identifier

Filesize
486B

MD5
20576dd3c593dc5d1e4a908219aeece2

SHA1
68c477b86cb9271d8987280f21b05731e1009a1a

SHA256
8d73edc6e7354014a3e506cf37587f53d6a9bbb02153fa78f52b513c028aa680

SHA512
35461eaba2ce80ec26a5b70cf10ffd3b288d434d67574b5577b5332c46ddecbce3985e14a9a8a3b575a9575367bae92436c3b49dfa6dd155a30671ff3c3c33cb

Download Submit
C:\Users\Admin\Downloads\download.htm

Filesize
74KB

MD5
e67f4b39e0bd8dcd905d75e63457c0c2

SHA1
b81049671a9f0c66e0f97970a40bb34848472bea

SHA256
ec98b3b987db03b851eb8b17f52cfe019a7e113f413b21391a990c8e1486af0a

SHA512
52f4bc5aed506e7f97b1d1a5a4f5ad9a1257c7887e122873c15430c477a95f90ac61888b4151aeac603b71e3a86ba93230129ac2b32b78af65f6c01b1f6a1982

Download Submit
C:\Users\Admin\Downloads\download.htm:Zone.Identifier

Filesize
145B

MD5
3059327284f756aac90916d641e1e37a

SHA1
906ca5d73edb272a11d6288fbdfdf51ea1589a8b

SHA256
ecc1d2c72dd7887508c042ddcf804483549dad488c0e767117549c1fedb05470

SHA512
9635b53279b609ef7391728f081ff6596bfc2d5f9dd39b6c417c34702d7617499f6031051f855cc3fce5d91daddee1a267daee9e87658377e1b912e34532ebef

Download Submit