wannacry | 2a94ebb590d7d9ccdd2009a50ab13d94fb3174536e91dfe53dd9cea3e741e7d4

Resubmissions

12-09-2024 17:42

240912-v9zdnswckn 10

06-09-2024 22:01

240906-1w8m3szgmb 10

06-09-2024 21:12

240906-z2d5zsyajl 10

Analysis

max time kernel
288s
max time network
289s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0766eba566a497af6e61c07af24c36d_JaffaCakes118.dll
Size

5.0MB
MD5

d0766eba566a497af6e61c07af24c36d
SHA1

4f808f55880494d962c57f9974278fad4b3008f5
SHA256

2a94ebb590d7d9ccdd2009a50ab13d94fb3174536e91dfe53dd9cea3e741e7d4
SHA512

907c11535d4d4b64c042ee78a74b619b157958e790531bc22057d6b9f0ee40720c6a9a45f7305b85b56563bc32ca7f37a2e4a806aaf5e278e8b09b41c51c5e2b
SSDEEP

98304:TDqPoBhz1aRxcSUDk36SAEdhvxWa9Pa3R8yAVp2:TDqPe1Cxcxk3ZAEUadER8yc4

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Contacts a large (7072) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 3 IoCs

pid	Process
3264	mssecsvc.exe
2616	mssecsvc.exe
4604	tasksche.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
5875	whatismyip.com
5879	whatismyip.com
5880	whatismyip.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\mssecsvc.exe	rundll32.exe
File created	C:\WINDOWS\tasksche.exe	mssecsvc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706366964469315"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	mssecsvc.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{C5DB2BCA-E5A2-4331-AB58-9AB06AA27EAF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
2604	msedge.exe
2604	msedge.exe
1664	msedge.exe
1664	msedge.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3384	msedge.exe
3384	msedge.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
5688	identity_helper.exe
5688	identity_helper.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3200	taskmgr.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3200	taskmgr.exe
Token: SeSystemProfilePrivilege	3200	taskmgr.exe
Token: SeCreateGlobalPrivilege	3200	taskmgr.exe
Token: SeSecurityPrivilege	3200	taskmgr.exe
Token: SeTakeOwnershipPrivilege	3200	taskmgr.exe
Token: SeBackupPrivilege	3676	svchost.exe
Token: SeRestorePrivilege	3676	svchost.exe
Token: SeSecurityPrivilege	3676	svchost.exe
Token: SeTakeOwnershipPrivilege	3676	svchost.exe
Token: 35	3676	svchost.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
3200	taskmgr.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 932	1380	rundll32.exe	84
PID 1380 wrote to memory of 932	1380	rundll32.exe	84
PID 1380 wrote to memory of 932	1380	rundll32.exe	84
PID 932 wrote to memory of 3264	932	rundll32.exe	85
PID 932 wrote to memory of 3264	932	rundll32.exe	85
PID 932 wrote to memory of 3264	932	rundll32.exe	85
PID 1664 wrote to memory of 1608	1664	msedge.exe	109
PID 1664 wrote to memory of 1608	1664	msedge.exe	109
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 400	1664	msedge.exe	110
PID 1664 wrote to memory of 2604	1664	msedge.exe	111
PID 1664 wrote to memory of 2604	1664	msedge.exe	111
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112
PID 1664 wrote to memory of 3448	1664	msedge.exe	112

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0766eba566a497af6e61c07af24c36d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0766eba566a497af6e61c07af24c36d_JaffaCakes118.dll,#1
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:932
- - C:\WINDOWS\mssecsvc.exe
    C:\WINDOWS\mssecsvc.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:3264
  - - C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      4⤵
      Executes dropped EXE
      PID:4604

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe -m security
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2616

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3200

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=mssecsvc.exe mssecsvc.exe (32 bit)"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaf26946f8,0x7ffaf2694708,0x7ffaf2694718
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17401581187152499473,5770471072975502488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17401581187152499473,5770471072975502488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17401581187152499473,5770471072975502488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17401581187152499473,5770471072975502488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17401581187152499473,5770471072975502488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17401581187152499473,5770471072975502488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,17401581187152499473,5770471072975502488,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,17401581187152499473,5770471072975502488,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17401581187152499473,5770471072975502488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17401581187152499473,5770471072975502488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17401581187152499473,5770471072975502488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaf435cc40,0x7ffaf435cc4c,0x7ffaf435cc58
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4540,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5312,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5368,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5264,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5236,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5260,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3176,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3188,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5424,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5360,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5824,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5924,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6096,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6112,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6352,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6356,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6692,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6224,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6708,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7240,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6668,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6852,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7400 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7388,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6552,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7112,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7812,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8144,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8160 /prefetch:1
  2⤵
  PID:6356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7704,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:6364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8384,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6664,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8516 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8760,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8920,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8876 /prefetch:1
  2⤵
  PID:6492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=9024,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8904 /prefetch:1
  2⤵
  PID:6504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=9264,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9184 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=9344,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9248 /prefetch:1
  2⤵
  PID:6672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=9244,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9528 /prefetch:1
  2⤵
  PID:6764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=9680,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9500 /prefetch:1
  2⤵
  PID:6896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9768,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9780 /prefetch:1
  2⤵
  PID:6920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9656,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9976 /prefetch:1
  2⤵
  PID:7116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=10068,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10088 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=10112,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10128 /prefetch:1
  2⤵
  PID:7144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=10256,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9972 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=10272,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10432 /prefetch:1
  2⤵
  PID:6332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=10288,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10596 /prefetch:1
  2⤵
  PID:6320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=10416,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10828 /prefetch:1
  2⤵
  PID:6664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=10440,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10852 /prefetch:1
  2⤵
  PID:7088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=10564,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10968 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=11344,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11340 /prefetch:8
  2⤵
  PID:7208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=11504,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11512 /prefetch:1
  2⤵
  PID:7304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9892,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11684 /prefetch:1
  2⤵
  PID:7432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=10576,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11808 /prefetch:1
  2⤵
  PID:7516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=12096,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12164 /prefetch:1
  2⤵
  PID:7748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=11968,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12120 /prefetch:1
  2⤵
  PID:7756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=11232,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11328 /prefetch:1
  2⤵
  PID:7764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=11252,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11320 /prefetch:1
  2⤵
  PID:7772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=3212,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=8416,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:8120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=5408,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=5160,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:6412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=10660,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8376 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=5092,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10624 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=9392,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11772 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=3224,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11692 /prefetch:1
  2⤵
  PID:7064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=8100,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9284 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=8484,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=3276,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:7796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=11672,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9284 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=8440,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=860 /prefetch:1
  2⤵
  PID:6524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=8080,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9252 /prefetch:1
  2⤵
  PID:6844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=11744,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=11756,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9000 /prefetch:1
  2⤵
  PID:7588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=9004,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=3320,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=12104,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12340 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=3280,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12452 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=3452,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=860 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=5612,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8896 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=7092,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12060 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=8964,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:6280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=8872,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=12324 /prefetch:1
  2⤵
  PID:7880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3592,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9316 /prefetch:8
  2⤵
  PID:6428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=3600,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:8068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=12528,i,5701613653414137177,6477386922356497251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9472 /prefetch:1
  2⤵
  PID:3704

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2216

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3412

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520 0x524
1⤵
PID:7592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d1febed34a30b167c37fddd732dd7442

SHA1
72381358df2702696c80960095a49923ea893e2b

SHA256
8894d64ffef51789f5a09b8fe6b000f89c539d0ece145535ed140c10d58ab232

SHA512
30439b5bc1261a419acbc5a56e291f2ab0b00d47628fc6e18550621c2a90495865b40c690b66089c2b91ffb81aed0f30a3e6edc1dcdbe853754d12ce2754d244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
527cd13fb89b9ca17c13920967947317

SHA1
cf6b883ddd7ac7a188b7b8a141dfce7f72580ee2

SHA256
8fcc2f2f01d8e0782ade2ea9bd62161dfae5a445fb7d0a52794edb61bfc9729d

SHA512
3cdf9783d8396bd6d0868f1d258ba867ce8eac422a681c9e8bcda6ad034d6df5595eb0247ec3bb2d25046a7dc9978b8d7f5fd01bfc9e121d4defade3b2c9fa24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ef9fdf04a8188c69086b54efd0449da1

SHA1
e279d4bf06b228eb3aead22607a6802496334a41

SHA256
f42882de2c9abe425cea7f90c3c3bfc9bca52d9e0f392fea52e2c838e06cfdae

SHA512
7ab747e8a0c1a7a5c75a366b211e15f647728b235f11dc5d92cf98c3976c8453ee083de692812cfc07802230f2645eb83cb4c517c045ea5fc766dea6c8478fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
44369b729f193f0862b90d340e128693

SHA1
66b3e6403826ec0aff30142fcad2d41b60fe57db

SHA256
d206aff912492327d0a253ff6fe8a92f931b59abe9dd862d8efd85dd91448d39

SHA512
3c0e347928b5db9cec7b9e51e64a09a693be6a62ee5fceea05b39ed33ba2f0d110a5112643603cfc5528ad5688cc730c5f083e33047cbbed8de76602e1d41bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
40KB

MD5
4f9a548406aee06eee4105b532560429

SHA1
b0f3dabdb01878d8e58c423df7750d797222803a

SHA256
030d7f66d8256f1866e6369289b2be1952d036a2a2a1dd29dd56b59cf856eeec

SHA512
7091e33bce72e3f4f1c3b0c582a64c6ad74ad83a0fc1f1445e53d571202f1452a92002f084dfa2ba027c330afdc6f7370e446be224823ad6614eca1353347b2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
33KB

MD5
f478544171c05daa1d018345127d638d

SHA1
d9f94d92f6544d688dd01b6850e6def00f01942d

SHA256
00554cfd828b09040e34e988b3362d8bd348dd42287e75005f95ecfcb26fa2ce

SHA512
9f5cc4ae147f42634a3aeb036268fae90139643e730ea1722dd6c9a313414ccef5f3b173fde7283f6fa7c3f479d04e337cca71a3dc85f209feeb254733c881f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
580370542a15c4053d10ef451cc9bb44

SHA1
d6ddabbdaa41b52d19e3be733f258853321a1cf2

SHA256
3b82c20de3b74313503f6c50ddcb16d2c0c3b1541bb9a2fd0ce65006f446a7f5

SHA512
9844ea5322bad5ac1780d79c390cc9a0c5f5bfb8cd7cdc0f4c76a4dfffdcddb7020203e3e95b975dc5edb404d89d3803b255bfea4f529d61da2bc7878b6024ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
20c21ec90d6672f0b59e8aa6abd41be5

SHA1
5eb0b697b49e00ef9daffc16ab0c2d14b8499719

SHA256
c5e28177fdd1ae4e9e18748c423c282f106c5d1b2387bfdb2de30b6d53b70f02

SHA512
9dc4767b218f2fb296b452419015b7f726989333089d9c49013b1f330cdd956ccd4916e23b3b7435e69d62241fac7a537107f2a8b0656b1e70d97077126cb52e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
abb0307acd784e0b58a2182cb806f9a3

SHA1
13c8190fc153eff9ac8176de5851676a193aab4c

SHA256
d38945d017d4ed3e20f1a018db2c97e3c695393e6c793a75e537bb09ca50ce79

SHA512
8e3259832b0f23a5cf79d2e0a1045c7e0e54215a9b9a1efe7fa5be2d497a099bc60091646fb8b3120f090434ce3e98c1991226cce1c7becdba024d587464dd94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
6d5a1b179da22a149485ad212acd34d7

SHA1
e6ca4e062e8068901c0e9980611083a1e6b8e32c

SHA256
a688f63dcccfd7c1c89f2f57ce9a331e6e99b8e7d1d042934ba2b6a0bce46ce9

SHA512
8bbffc29edd6a1ac98261300a004d198a57abd42dc02b62a8e733655cdb8ff22d8428a1c00d67ec66314d54fdd74bab27363fad9418122746de0ac5e26e672da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
e00d05e49ffeb7575bfd32d424e64b38

SHA1
b0c66ea47811b0eb0539a76003f49e6abe7ef8c9

SHA256
479938ca23bfa12e6888bc3b53feef75e397674ce15d1549e66ded752e86768a

SHA512
c47e6e6964ee53bd0653f6c943dab843c8d8070b8ddbbe971e10731b263a92078cc4728099aa348b149db6f8a2e26afc0f43d08be86fff02e53bf17df4911653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
29114642c168bcf8cd4ecbb8054c6184

SHA1
1721599a8527a93b3d76a6736161336d80833170

SHA256
22ec36bfcea967ded047154ec8568d91c4be16b637670a5992744a2bbd6b2c38

SHA512
af662f6aeb129671e5138c2eef29279a91434e15f508562a06aca0984cd5164d5243f0f03783bbe87278bc152761e9395ce341d674d6f317bd94a6a8bd8d46c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
357e1eedfc6b08c1eb381a47b52c9d62

SHA1
7b57e6acb8e912d334e8a246867e2c992edafeec

SHA256
ee4cc04ad9287bd8272533da076cd99872a2165afc32bfe84d147d59f9be6391

SHA512
afeefbbb604a804a03bb909c022a2e29fbbb86fcd4b0abf5f770984b434c87e150971004687844509d7f54188972631e63b77e17cba1cd48c6e4ef4eddb0fd33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12d4f691f85a334bc94220646fd1030e

SHA1
89308f009892dea92881f003f65205758bbfb4c1

SHA256
ea534b6ceebcaad93eaa076bdde4215a5f4b5ba36b063b11954910a49c39e167

SHA512
b319c4e6eb3dba29b3732a15b89599a5e649a75ca7f59f756e662e36b231967d33e0f11c96d21fb081b22fa1958eb3a8a1d10f3a8a6ed7f673bda9d1850492fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b21884cc3ed1ee5e3cd81f95474fd7b8

SHA1
c9e06db6f42a3b2b46f9a80c329633aa06f1550a

SHA256
d3f53b33722c703a2ab876949778ca9fb79d744831bb3c968394b3b5e01109a3

SHA512
eac51aa553a1744c31053602e27f8bec424c798aaf564c62c84dca2551459d1006001b58779a48b65d4c34b71ca44dd9f1c70182d03abada46f50825c2b0feab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e9d8c3cd8b01e2c66a31e7a767449999

SHA1
d2f9af863fae6eda75c042513a6b30cd2e4471aa

SHA256
10e8e395939c09ad6ae54e1c5b153f097a966548387fa22408da8974126c3185

SHA512
7550535de5b9249157119c4bf4eee010300f977a4ea1336d60fe1bf08a3a8d4f3e32924866ce1bd2e3fdbc1ea39e975eac1131bc188bf6966ed1f43de1bb08e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c79a5b1a6e009b7c3fadf47699616aa7

SHA1
5bcedd0f41bab19fa98388e2bfc6bc47f7974e30

SHA256
0572acc0043ff1942a9b0b680f4c938e52c7553384173f384074297efb31770e

SHA512
065f8f6df420c29f98218515ade77919569443078960176acb945ad7d8a4b61bcf80abcc2c79396fa6be1a15a2e4444589c0408ac23bc29f0c9e5c33850c5c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
74c0cd809e409087b2b8bae063209df9

SHA1
1424cd0da19dd8f4f427bf9383ae5ef731bd11a2

SHA256
2212bf6adfb13ecffa767aca1e31fc96012cef5f9a0d6d4138d43876326c54ce

SHA512
b1f03743faf5a4636a0fc39622c9a216ccf8bfee690553bcd3931d22876826fe1c0b2f3f292c446c39a2d339a05717f331011f380bcd1b349aa9137642b69acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
05014ab54460aa81a44da9d8919cdb1c

SHA1
bc2e8c49a71dcfeda0967b6d9ca88ca3aeb90b8f

SHA256
c0ce482d600b63ee1c1b172a02398d44a7cf8c5ffaaa4b5726c3b73c029d28d1

SHA512
57ba4f3837678ab815fc4cd6d04d770ed2c789b664a6fb41ba5636104b8a6ebf6969642026824e805374b30bb9642ea63829b2e8d02592e4795fef28025e751d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ac9c19e619817122a9235ec06ee30169

SHA1
b61d6f8f4d773514ef6d095c52c5ab882c23edb0

SHA256
5957fbc156f4b8f2b8e728627b57ea56689cb9cc21d4afd7c32a81d10979c288

SHA512
f3558bcf5e6a7c82fb6ef2ab3f2c652147f69ba2006f193e5661164724d951327a4f2cee6961ed95e85581290a823b5ebb746f7e225ed58f342c7231368a95f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ee61bedbe8a727e1c6d7ba7c735e3bfc

SHA1
87d1ddc05d3977edd71a6cbe97112820baa37ab7

SHA256
2e3b9578b193fdea8f1da084dc7ff4ea27c5aa90f787246f023fdfc464cbec12

SHA512
ab68d2a4e1aef948c7f3221f66a57802383fc8b783a08d5a8768987c28d5623629202c4e4861b16e8ba8a1ac00fc7bd0e93153f7e54822c975b8effe4ed562b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5b4e632f372cb1a89136dbc11a681390

SHA1
38e13cfdb6836ad7828b5d36652bb001bac1ccbd

SHA256
10d4c808734883c99b99525f1fb0b2522c943b693ad3692c25e7f1a29f642004

SHA512
cdb254ccb81dfe80db65ff2efc3ef89c56d3171d77abeb8f80d7763413e83c5f4d3903c4cc4d445068233490d90acd4aad1b25ae8f4ed73f90e755d9e74fb29c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d04ca2759a9df725a4c7c7febacb67d4

SHA1
19d9b5542f7fe1e4b1a4363fbd18aad5da709720

SHA256
4dfdc591cfa103b4460156e4653dc3a4de460033297511bbbbf6a6ed7f4c6dc0

SHA512
c88ff7d47bc20989e7014aad2f48af8d7651c28d4f29873b4ece3cd6a8abecb458602f51f4c0e343a73cd7625a9ff6d15c8a6fd564ee282cfd573a50bffbb4ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7dde656ee8d16f7698f78a1055d4f53f

SHA1
d09f0659f75781bb0088a6a26464abfdfc5e7d0b

SHA256
da5cd83e5d131ec17d5f9f87796bf6e34724ba5425134a4e9bca795867e7669c

SHA512
26d112873ac1403ba24f162adc405bd0f2e895e77472e43ac96cb32a8967a94291f6fa1c6c33dc29afa8954f5a39d83b6393c1681b082cef6570d055557e1f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
889eb52c205ccdea929e5087feb8fe89

SHA1
0eb317010b83cc7e48ca19babf86c70c40dfb82c

SHA256
dc55c7e9d7fd63327b1a6e0ed221868b3c2f79205ef2ed65d8c1b8220ab1950a

SHA512
c79012e8408126b0021f96f48cbb92a033f24f11f8eb1d5a07b751e4a4cddf353ea301ae493ac80a73eda77b6c6f27130e5a6ea2cab3f7e5d2a91f6f0e844780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d3a465672759abc790c4b4e6bebae2d1

SHA1
f415863af659871aa27eb38b470fa663c5041a92

SHA256
3bb63f80efd9924a8e255c8a70f438f6275f573dc2238ec11f7219697d33a96a

SHA512
00310f108cd96bebfa470105a8deab3a72fb05557a61847ecd2c8178289c7c7aa68dbe0bf8dbd9cb3f25f5e46ce296ed57124d2f7b86315745dd39222e837d26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
a7bde60a4ec35d7d9e3554f2fe2fb127

SHA1
e93b256b5f257ededda9f53cfda93b6c71325e3d

SHA256
da7b1c33cc007e066558971da98a5ca729e460a144fd7089cff554c677c83584

SHA512
bbaa1b401509170742ef2561bb6527eb4b9a96a4d3ce5d8c1a44658f835b6263055dd043d50777cb3ce962ad83d38ca0b763e738473b7aa6558d36ea92def553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
7f4cf220d63d49d330a0cd877879f008

SHA1
09a9a85cb9ac6d6b3e8cda82fe6ceb3a30de7472

SHA256
6950416e7d490967ffcd4930b73a5362d93142dca3efa5c72199833f1272b26f

SHA512
0e0f99b6619f2f0221dd6777120475c6baced0495368c5354ba83ee1234d5ee7ffa97de90612f654c028507cbc8d6f5b36aa0d393a24bc77dc4352728faf616d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
d964f8be61d0c714d6a2c47ad4ba87f7

SHA1
4b39a4981158d77bd24d4ca053a2601d7f4eb0de

SHA256
c44dc137fe2d6304c51ceb9a1a80db9b753b446ec6578268da4abc3166ed01d5

SHA512
ce31cdea8a56d31231718ab9026bd1f764053f3c6c9d2ad4c273b2f593e862639c09abd1043d9a6916a4728ffcbde6a6497737306b4c09bd7320ef802dbcfc57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
9696fe82f5daf082c0da06d9a916ef45

SHA1
e684cb30b3b57b35e19c74185783a076e6115639

SHA256
68a723ca9077b71ebdc74ab382bec50120b2bd0aa4f980779041f84822aed631

SHA512
c2a8c8bfd4b5b42590d15f78906b2e0825eed434144c3bd3a58d46aa205e944d07b17dc084bf1b1acea0e8c50c305761cffc937f02426b812e7014ddf7696995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
abe4af246ab45cfe53f8b0258c7dbdae

SHA1
61ecdb17d67d867b1395f2327ca415e9dbe81083

SHA256
97efdd82ead874a15652f74b01556dc601a12a0f02ecf2f88c522deab29c24d1

SHA512
a4e4706b2f0c1208f7b4c76685a68a5fdfd7ad28ed090c234d673360f3f6689ba1f293570a9cd64fba19900dbe65ba58d23db12e3c732ae877679c3bb95cffd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
d7922e93cc3127be6080817dd5e2ec13

SHA1
8e2298cc394e41c780b1fdf0f707e6a8086ba469

SHA256
3575146a3116f95ba07d1167819e09e02278379803f8e0bb40d3167b302a1cfb

SHA512
28a28fa363a9ed70e8c8c2cf0f35e25fab8032c4a71831c8c694e8ced0eb620d4da6b477630ae4da40f1a171487f1508b6f25da90df6c07509a1c971dd90512b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5bae256c9bcea506b0e4ab8ce78ccb9b

SHA1
a527b0142f1ae23b0b09fb83dd980da195ae1c11

SHA256
fecf7aacf73c3a08f1bfc556c8e4d23ad9f56fa804f97dd712c3065ede1b5357

SHA512
27b64740ab8d014b947660135d804f7bfa2200779cf59d45030179c506b037acaadc0420e0c4c107dabffcd4e4f0d36fc3729aa0907750da0f785a92b1d25e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
467B

MD5
dd88537e60a124434832bd1bfbfea3f0

SHA1
725d982202e4428f90a3b8a6df0dd12deab5479e

SHA256
e251a4be9fb7c76800080f983d1a67f1e20cb9e456de673fb298b12e845812c1

SHA512
56459b6d36503cb659c245f94edcfa77c5641ae9304fd2adc54bb5faeb37451ac84fdfd2b785abf73d0be44d7c75977c14e159f0367c260fbd3af03f1377cdcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d9ff0c7f3703170a58c44c247aa4813

SHA1
0640125300e764accd349e74aa7ad5c1d88d3879

SHA256
e5219856eac73fccf01dc2e97c8faf4dcb042963a6861c459be2ecc431a1738d

SHA512
cbb22f8acba08dbf21b206fc17126e3982b522ae541afc917339bb98f2dfacc7a9b020a44264fd12599080a12710724dfac9558bc5cfac4a3a9739f4970a448f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db1ffc25a68053ecde276caaae737c46

SHA1
e5eb533fd5682b9a3b225319fd507b07f1008e42

SHA256
c33d4de8e524baacaeb84ea8f10867b08208aacff77c8694942775797c0b0a1d

SHA512
8be3e5814bcce287d5d4b798bdfab794092d89fdcdf64728439a89d47588db5f8e2af60d9f4291a94940bafad413d123d916083df3dc686be023a492edbac7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9070cc9013c9e7804a05019bef2c4002

SHA1
e871ba0cab1601c0caee2248074b475efe3849fe

SHA256
8ef08f3bb82c575d21eb5dbe486aeeed1fe46d9ca88274e80d79622a7917dfcb

SHA512
d0d73f6712cdd8a53d979b0a0dd466f42a3eb447df1baa46cb8c65807a4de7a29cea5bdc18d065f7ba704c9c7a9dc7efcfd557295b90bad2dd301fcd645d10d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5d2d118cc2d9a6aa73a615b0322c26d8

SHA1
2e0020e75fe91d6fd7f38d3577eed7c9344d7ebf

SHA256
b1a54ffa71230458da25084d3372311999bd63bcb2eabf603021adcf9f5a4335

SHA512
4c636d6799938fead5c86a58afeb7b8aa3cd0a67451a6b8a5f4f27cb1dd690eb34ca07a147497ee19a314435ef811e512f425eb485c09ee49b4282539e478ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d4f6a1fd76004184371b47ccb596719c

SHA1
676fce26f49b5651a33a0103716e42cde13d0e15

SHA256
ef6df9fefe217d95de1c4a70014d3198fd1126acaab716aa6b668c5dadc4d32f

SHA512
c20e96048643f40b28cd3d2b3742a643f1cfb17ec081af18d73883bf8b6d46516ff9f9dbc85f6e003670cdf8abcfe6dacc396bb9be46698426453807cdf0d876

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
bbee6d8fc4e2cd93d13370eb5b9e62b1

SHA1
984f56db81a563140d72d555f33dbede5b0defe1

SHA256
47392cce32d7ad5b3352b11b8aa5d790c0c42bfeb398b1d5a0f45d36fef44b66

SHA512
a71ec2d88ab46303a98cad496c43830bedf6a70771460322d6ee0c26281358e040a8e30e2bc336f01d32850f9ed8fc52099e44bd4d9f1978776a37989d5dd124

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
16KB

MD5
958ddafcd52146ca09eea5755b137ac1

SHA1
cca3d969d7119bf20a7aab027c81ae1a514f4cff

SHA256
6feccbd4982403d986ee70ed38fb79ba401943443494a231b022b9d8e20e2567

SHA512
81b091f0bc03fd2acd0b044b963ed446ee499f2ea2ecea787dd7448026e75cec5a4190b9e549975077fac8cebf8289192a90211ead6978e41ce45fa09be4bd17

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UIWOHEF6K2MLRBSKYTAM.temp

Filesize
14KB

MD5
4f439af5e6560691163d8cc75b6d1b67

SHA1
7094add0ce56c73614ba475ef223c0bd199aebc9

SHA256
6d8e16b04f2eb4596d78204d6544890eea4827a6c83538a9dccf84d3d797b8b4

SHA512
2f1a2c52c75c3390f1dedda153926d9d7091b8887a98d149e5f4204f1fe966f8f1165bebdb50588f37790b91bd896098e058cc7afb819aa92029c726839aefc1

Download Submit
C:\Windows\mssecsvc.exe

Filesize
3.6MB

MD5
f4531c47b69b90019096c33303fb9fe8

SHA1
ebe1442f1ebf397bddedfaefb7a78ca1c9511eee

SHA256
0bf9f9ad7fad6b676f7b7ea7b6b7a9cbe8af54f5e8beceadd678ac473e9d7eb9

SHA512
8d9a302631c16a0355d2083062c153da3ec129caca9b874c5407bcf8c936a5cb0bbfd720b7195f2a47e96f4ef8bcfda74abb1e83c00e28c9d215abc7c0fdb172

Download Submit
C:\Windows\tasksche.exe

Filesize
3.4MB

MD5
fff2678d85747fc86b20215d769ad4cb

SHA1
c864976c457a90a678344ffa0b9b134c0645ee3b

SHA256
658a87fcf71607b1ced777e309c10d8bbe447f9b368217cc16ebab55f52c340f

SHA512
862a16e02173e8875ca573700051d53634463d4cd9fd215c112ea2938fedc4743ea008d2e69ad644c04958d41a548b5763c2e76d85787264fbef033f37037190

Download Submit
memory/3200-15-0x00000179518B0000-0x00000179518B1000-memory.dmp

Filesize
4KB

Download
memory/3200-17-0x00000179518B0000-0x00000179518B1000-memory.dmp

Filesize
4KB

Download
memory/3200-18-0x00000179518B0000-0x00000179518B1000-memory.dmp

Filesize
4KB

Download
memory/3200-19-0x00000179518B0000-0x00000179518B1000-memory.dmp

Filesize
4KB

Download
memory/3200-20-0x00000179518B0000-0x00000179518B1000-memory.dmp

Filesize
4KB

Download
memory/3200-14-0x00000179518B0000-0x00000179518B1000-memory.dmp

Filesize
4KB

Download
memory/3200-10-0x00000179518B0000-0x00000179518B1000-memory.dmp

Filesize
4KB

Download
memory/3200-9-0x00000179518B0000-0x00000179518B1000-memory.dmp

Filesize
4KB

Download
memory/3200-8-0x00000179518B0000-0x00000179518B1000-memory.dmp

Filesize
4KB

Download
memory/3200-16-0x00000179518B0000-0x00000179518B1000-memory.dmp

Filesize
4KB

Download