hxxps://www[.]aster0id[.]lol/

Analysis

max time kernel
493s
max time network
434s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.aster0id.lol/

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

38 drive.google.com
52 raw.githubusercontent.com
55 raw.githubusercontent.com
37 drive.google.com
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
38	drive.google.com
52	raw.githubusercontent.com
55	raw.githubusercontent.com
37	drive.google.com

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766682999314122"	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3824	msedge.exe
3824	msedge.exe
3512	msedge.exe
3512	msedge.exe
908	identity_helper.exe
908	identity_helper.exe
1492	chrome.exe
1492	chrome.exe
3576	msedge.exe
3576	msedge.exe
5220	msedge.exe
5220	msedge.exe
2708	identity_helper.exe
2708	identity_helper.exe
5268	msedge.exe
5268	msedge.exe
5268	msedge.exe
5268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

AUDIODG.EXEchrome.exe

description	pid	process
Token: 33	912	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	912	AUDIODG.EXE
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3512 wrote to memory of 3672	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 3672	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 4560	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 3824	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 3824	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe
PID 3512 wrote to memory of 5036	3512	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.aster0id.lol/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd450c46f8,0x7ffd450c4708,0x7ffd450c4718
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6469461923542707378,18142576725967733677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:5228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x48c 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd36e1cc40,0x7ffd36e1cc4c,0x7ffd36e1cc58
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,10700341383008335793,8260544914324809603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,10700341383008335793,8260544914324809603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,10700341383008335793,8260544914324809603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,10700341383008335793,8260544914324809603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3272,i,10700341383008335793,8260544914324809603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3684,i,10700341383008335793,8260544914324809603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4404,i,10700341383008335793,8260544914324809603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3500,i,10700341383008335793,8260544914324809603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4516,i,10700341383008335793,8260544914324809603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:2476

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd450c46f8,0x7ffd450c4708,0x7ffd450c4718
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4268 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
  2⤵
  PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,14442804182341086909,15875685428141218693,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7f6d028c70fbcef2ef9182f4eb8a180b

SHA1
d2ac1877f9a18798778ae2af26b7bd00c15f31af

SHA256
adf5d2662b1a1dcc0b2356b8de584f9826f792dd6e5098ccae88b550c207016c

SHA512
1c1a0dcd8ecaa3f73c40967efe4b521ae93212338b4c065649cf9044248701ae54d87e2bd93d31e43bdb58f2bff2173c95e8d8fa6a00e9234be3538b740c08f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c609392ee6ef00b4c09ab29b9bfa649b

SHA1
8939c73d8034360e6954c0b943a513bf62930e9b

SHA256
9f934b6a4b993d177485df7c3aaaa636b6ede9af6863e23f4319298194256e09

SHA512
3a5927096a3dd7145ebcad15d961b84c76a929fe7f66681dddf9c4319d8e174d0e330868bbef692e9fd64a70b7f2d6825a6aabd856874bdf4e96dde342ee045d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6f98286705625286c7ddf43cc0278de9

SHA1
dbf390d935b34d1ae60b33b94b1431287d1299ff

SHA256
6e64e950d0745332374aadf51a59057f81d4f9e02059bf5caab422a9b511d3a2

SHA512
48e3f898113a0c4536b2d68b6a938cd3f4ba8afaf266f87e11b8f1cece3aca3e22e47bfbeeacc863b8ef0d3adb1f1bacc10a7b10adbc2041b2bf2dbfbb4e0605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6159f9e11f4aa1bde9b473f240f343b5

SHA1
afa71acc1d5c1f35d6ffd4bd216492c60888d953

SHA256
1338d08e5461fadb801bbb86d2753aea034e9663f1ecc5991f9646556d8491e1

SHA512
d74e9cb56a3a976293f928736a7f1a7d9c6a9aa7c0a689bc1cfa396958e265921361f3636cddef3211268e56b39cec92e5b231940253637c81c240ab1bf851b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
76568e1ae0906262ebe5999432b2f1a6

SHA1
88d5eb4699620394c97287612a0c391ce0010e39

SHA256
692f2ac9ea3c15d18f1ee838155eea191b8415078f5215b27311cd79c9279f0a

SHA512
244f701fbf901be4f718363eaf0cf7f3c2c70cbc683ee790ba599cf68863222ca7bdc3d231428f25ac9c6bc2f83628e09f7738d6816627a608d58175cfc58ed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
9cd305bf7a0a353c0b41be415e384fe4

SHA1
d4922a3f61e942c45991a2d3364af0d6f983f369

SHA256
545df4eee1e012aadb3009c6c6d912a0867836f6561e3d26940339d49128b59d

SHA512
5b8662af324349f7556e44689dacc7c9cbbbb853917a2c4fafd2371faa76baeb8ab74d1de635af96ce43c61e0a18313535f82b460189b6ebb82a4a444e8f8762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fec6f16f171f3ba55568802a7592f7fc

SHA1
d679be0b4270bfd7d811bc8d028052a267160eab

SHA256
770fad00532e966f5f2e2a77afb0a177187a92b72c5b55890b3907300f91a652

SHA512
c7e88c90b615c353bef4f425d84c8e128d53d12f9a07cc1261b38bcbc3187f47ae63e38a614f2287f22b3ab08dcfa48b317c6f53d8cf391f3502df3966a2381e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37128b4e4883085adb70212099d33acf

SHA1
9c716ed5401e9dc2c6879b03f0a34d824d2ede99

SHA256
91c7f07e7aa52f1e4d6751b4ba31d098072197bf3ba6a4549d213f9fe1de1ab7

SHA512
3e3851dbdec3560fc5eb18be51de362acb4bdb889c66d1794b97f29a8a3a86aca900406360778819ace767653d083be45a21673e232be205e81ff36ddd9f63ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
0308da3990cf01dace99ba796620cfb4

SHA1
c884632e066c1000063329da7dc4f33ff825ffa1

SHA256
9553448c60340b5592885bff260352fcfb215df995bced57048f388eac0b449f

SHA512
f0791761443015f4a2c66813fac9550eb519557ddfd9e2ff154df43ee98ee7cb3020a1ece698601fd389781084cf80e6a1184a4be82934bfb0218ca6db424418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
5c84f274a495d611f4f0d644a20346c6

SHA1
6c8b4c676f7541e59509d01b4cac4034a44c751d

SHA256
5eb7cc748a6177133adcf0a0a4a86ea4683cd5ed2dead8093330270b4cb5b4b0

SHA512
b8fe3cdd0daf72d5e3caa030ec61aa45d41c24db04688ac11541862f017808281a9d1b86a813fd32f00b7a675780fcb24f13a52ae2c52483ca288d180a5259ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
952539da0e2cc36460d77c00d7396725

SHA1
e0ae33a16436b027c0ff0e6eccb78fb94475e715

SHA256
2b9a84451af59ab791f1b0d788f112b51c0a9a502a9a617f526ae771ffbdfae8

SHA512
e9fb51b7824852e906d101c174168d25d11fc93d02f7e69072572659656a0c5a9d2c58ef4c000085cee6cf2d20c5028b146b126e97f4571ed51b4b567c40cc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
8ef12a060ac186fe7e35cd72421434a2

SHA1
78ab28686c999fa9c3fddb5dfb03547ce871855a

SHA256
dcc02f6f7b7387a65628c543283a2a65238429da407aff84b748a84dace17210

SHA512
6ff4789a9e04fb3da9e16a14f2e20de77219fcf39a1f32597826a464aef6a5a51115baf90858d81c3e6dced943ce6535e9b1e5b3ccfff54eeb6529e70627420c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
17KB

MD5
6f150628cf1f2ae1b4bccc69561e6f62

SHA1
36a4d3a041c8c90f9a7ed769a83b4f277358d2c0

SHA256
580d5f13bee7609804ddff3d6a5cffc17a523e1f1333e948ecfd30fa47e222e4

SHA512
eb61c26b1eda559587c45cb28e138c3d8ac6ffbb8c284bf2c4b9da9bcae62d8ea67edad6ca72306e18e8f3ccce9d9db537cfffe54ae7ca3f21fc54915dfe9308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
1024KB

MD5
afe1f22dd2e5017b255f00dde373c18d

SHA1
dc4d7ad30cd5fbbf61bc9065e244ed16cc4e3308

SHA256
ffbf98b845c5d1a78baefc60832587c48e6210ffbf0b41485b71d0f426f40e96

SHA512
e8b0db81501e85b9ee0993603d581d06b85a2bf9cd745d4758be6b21930896e44c2ffab0f5509511d51f2d6d2ffc0264935dc5ee2b4d66803be986ec910df379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
49974d41e386a4379ecd081e68a653ed

SHA1
e933fb57f669eccadcc439d0a1fe8884baef778f

SHA256
571da8b1ed29012750e1823bd1b6c8117391387c0f60b39898b11d5a50f2a01a

SHA512
3c93d807d51fb2fcaca6e9cc0236f2ea0147c975055a2137fa6d19db83b715676f083fa2d7daa23befdb8d5613df91178c5a03a622691fff5424e8d7f077c167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e09526f80e61d6c3dbbf52cd619617fc

SHA1
66f3d53f9a9045b43f1d2f5a41cc7725b02a7164

SHA256
c8f12dadeb0d4c7dfff7534a549835817f236ef4de69967f2c95fab19c65b605

SHA512
fd06eaa69ff04c1625eaa9e3a19a440f7c73659131eead50968368215a0d8e0a9fa97c8c3027f7acc179cc9d97291adaa6a99d0254648b01bb5ec22230830c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
a7839b90dfd79eac54dd2873f3b864c7

SHA1
4bcbd53dd17bcaf2c249f2f13817563132508345

SHA256
13c5934d6eaebf8cf0dba9aa3cd21cc7431181a9b7de82340b37e2621f5912dc

SHA512
9bcf5d30ea8fe13d6d879752306444617ed258954bc0465788a9bd09e117a47e96578e92acf2a4ffdee7f0cb139b0afd59d3085b1854329499df256579917b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
c616917d99eba69f11aedd570a6ccb37

SHA1
e381f6c7d6003c7505da4184ea64615e3714810e

SHA256
9768cc2aac4ae1372fba585708eecbe67641f35acee4d19cf911a1689997030f

SHA512
d564d6bd5afc6b94f1d197e0a208ca60f2e5b1dee7787dfbb32d9105ba5cb3b73cb5005d1c8273087c69193b8e4b30c7ec3b12d9d814f48552f50bddc1e5d5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
0ac2f401de5f54977260956fad742149

SHA1
9e4373ed678fdca5c3019d70e670dc795af67cbd

SHA256
5510e67bb6ebb66be9307ac0bfc8c65573f142dc2e5b59b7715d67936416ec14

SHA512
dcf087e1a31f323db3572fc77eef97b614016e69e85884bbe5f8c9376ad82e38eb51d491c744f9e3c13ec388a91d982b1658b60b1f9199a52dcc416a4f2037e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
050cdbab2e93af71572b54f8614a52d0

SHA1
1bff55fc2cf19df9d7dca508e879fcdf763dbbe9

SHA256
076815e5aa4eee7b8f8441ab07e823d889ce5d09eb3c55e801afb5c6e9cedd79

SHA512
da93c32ec9cf03ea3f61c0afb3214bde6181d568d6139980e60e0b00017e89eb44dfd3fffd4bbe45870fe6f8fe36bc57cfec9a3d1b05b716d9a5cd7946c2c87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
411B

MD5
2f46efb1daab360e806b80246f29e84e

SHA1
06f1c0700603ec5e1e096b61f85676fb359ea25f

SHA256
f9a7bf4ee3494d3c930b193cf28de86a958e4635751d8158c0a4d513f72a7a15

SHA512
6af1118704b492b898ed66a9ae7af61cd2926b754bd851f423195abe54a8c94c88a89c96676c53682e1d0cebada1c494fb677f8fc2a5c4f75e89f332d1643edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
4ebde5504441da94fe9fad82eb4f55ff

SHA1
f4a46dab1b3788c55abf16dc71fe0a956eb3d05f

SHA256
eb59868c5cd5485c586bf3e4a7fed9fc0c541659b261608e48c8319035d13f82

SHA512
522edf8b0c1d565874fab012596077b3e1f6f0b29157738549de2749ff607acd2c719beec8e437d97d7020daf2af35fcc60092970a4bc017647de4dc5c185e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
80e95da46593a8eb575cb3ace36de7aa

SHA1
b6cc911e14f94605e9bedafcfbffefa3807266ec

SHA256
0df37b915958512c9057f6a50dffc801e850d571a2da0a4368adaa1386759229

SHA512
836036ba064e4f5a848894ae8361d7522b5db98c600a61100d06d1f963bda7b14d949aef8bcb5f6187d834a09b5b1ab8204a82c7eeb3ba9790f20fddbbba8a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7bad95a92792aaf7da2c5b1f2bebebc5

SHA1
34a2da5939c3671893e77343f0dd64f7315eeb08

SHA256
d3ff2deb88f8cf6131893dd20ded9c9a37afcfa48371d39ec80e517d0ef45c92

SHA512
e5f0dd5e98a3151300ac193c76c51fbd7e52eb2d99d280cfdea39739e724c2cddfec04dce4d116efaac6c63aac4e9f7cb84c4acd4cb9fce81206e6bf27aa9b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6e9c422ec8a82220d8830e33f9f985d3

SHA1
9344bb7dcfe56e8566b4e072532ef868c91a7c96

SHA256
63dd9809f2bc634dee7dab16f90a49a3be98570fde9804b0c71a001389a1954a

SHA512
c3498953b768c88b0f854a22e3ce0b1e5d2b356b8db359a62f72a8c3ca8448c7f9b40d2904c6a7b3135ad7ad921f08d2db079a44505145910791f008cbcac55b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ece7f07331bf892262092256cdd2f37a

SHA1
1ed096e09bb25229d8b226cf763e84d23f790529

SHA256
a204ddf595da4734bcc633241ebd6d870ff2cb138f6de6672cad299cf9bb53e5

SHA512
a42edd059b658430504a1c88c23e02943464d0d34e5203489a0b7d47d04ad90620dfee1e43550720d782c14ab62a437982aa3fe41646d0f309850b58c76679c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e6e68f4cc166a2609a1ddf9343fcd36e

SHA1
a1ef1c8f8177d30095e626c4ee46816601e633bd

SHA256
847ddc618593b0aedd00a7f222660fc8ed8939151dc97f2fee00cd8e80bc34c3

SHA512
ef3ee947c2b6bf1b38041c04c7c0d2337735c8b18bd76b6a2fa9b7c0807f07c44379ae02fd9cb6508efda74c017160889649d04c3980d14cceca1373b24c0af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2510fd396afe15949003cfd5050233ef

SHA1
36bb5721d6e557c92f6f4ae21585557543061dd0

SHA256
46949b1c968d6d7414d2dee069c1a39b17c91f7586472623b404a444a4515582

SHA512
f6a35a486d644ffd165f023682f30ef46f740bef1aa9da2496d98364ece998b475fb67388dc9ffa55f1260c7bb8c7279ccec5c8d3c00a304fe9dab93cb7ae1a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dd4b36adbef5a0904238127f5a7dfb1c

SHA1
46343af4f30574ad3e89592ffd379f51e07852b7

SHA256
62deb1f8a868e38012f388a19b400bb27c77ebc2c05e13ed15faa86bc39ee6e1

SHA512
cc151dbdedb9bc3981f36350373db64ed4201f5fd36c501fdf64ed1e27a28dbd7f2614471863c28ce5f49c58097e682c7fa93246e260c51c0dbc26e9d2fd9879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
716073199f5cd7ed3a85065bc9dfefe6

SHA1
62baf0c10eca4df4745e2425a7db85ecfee97494

SHA256
51ffa7388282928078bf5f98abcc9080cae3e41051cf1b7577e872bf5f57b50c

SHA512
452a3fff7246f4b897817ebd28706f8ed88f7305810f2f414a7099653b90cb4dd3d0613181fc500407b14abd428d16e470a78a18278673eec6952d2d60de50d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4d2faf060f15d1930e98f8d83de17dd8

SHA1
de5034982e0a044817b2f535f7b029344bb91118

SHA256
457dba9fb42d97a4e1f043f04e3f98f669b0375a3ef280b67e2cb9442cc02bc4

SHA512
39acb0c9160d328fd3e93c34e9f5a9be2a077a0749f8283216ce37b033d134fa024b28a193e6e46af63f0aa231ed0e1e129a454c70f7cdff29d4f45b7210704b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
390B

MD5
89ff4167754a6cb2dc466fc9a42e2b7e

SHA1
125671a956a6edc3fbe42ca1efe3c6cbf21835e1

SHA256
e159904879df45d021552f7c0693428a78d3ef78b18e2fb96eb00dbe2d01eeb4

SHA512
36c79f7b5f79a12eaaf7cd09691ef053402f330811015871530bf211dce741bf48b1695c332b42ec99b20027401cd1025faa6af9892a849e90a2aa4ea1470dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
abf67c142212ef1d64b7966e9dba98cf

SHA1
a4cc1f7e261c86c4e61b0b4d0fa5ed5e523cc433

SHA256
ed68ffcc2624d48b4a1d56eee7bdcff9cbcb45965591d9f3cafb20253c503d4a

SHA512
ca242db0c50d7e8934819eaaa2a7f9c0ed922bcb19e60e89ce59bb292af948facf94c6772dfbab2d696620308fd2cbf3af4fc2fbec39a1943e960a24ca5c447d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376668173492081

Filesize
4KB

MD5
0f9a3ad26b24beb5b3b430767e0ad75c

SHA1
8b814c97310a0a803e0ea803b5898ca1b397942c

SHA256
984f235a10dd35b02845e7644d7a22359727dea7cd8d78ca1ac8c89d85ed9ffe

SHA512
a3983dd31be2dfa8993c31ecedd882c2726735cab1281821278ee2c581958d439419a918ba1fc00cf65d7eededacf46990528787f5aa9ebda7e06d8e8129f5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
e94d4d5bbbe60f4382905199d266c3ca

SHA1
eb1782f617e2e659f012c71a38afd33560d2596e

SHA256
d44c74b1e1cc6db84f2637fdb1e3045421772cb344b90e1052d7d08f73c01282

SHA512
8460350a35a2c2faec08ce018d9198524f5be72ded8c0ae193eeeec377a51c4677e5d6e3cd2cf086df3b3d3e3f9d7f11b3092836c71225c1eac554c411f0c1c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
f4cfdf713f83e97ad678291eacd76d7c

SHA1
c5423ea7f0ee801a1cd49ddeaf4d7e44bcacef31

SHA256
d3e9ac2719795a2e14cea4d5b9e0f635fad46bd3c763b565e993a1c652ad1669

SHA512
630d8b590a8854d94a86ef5a363cf6e34aa59a2633a3741b1aa7fb21d72b2657bfb62bff1f427b7699b171133778442dee26de539ee5759d203786c317dca6f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
6c2aca545f21f0dddea4e4d126814ea8

SHA1
41cfe5da294b0f91ddc8ef7efbabac2cf86a58c1

SHA256
3e7eda269a98e3c73024f92efef415179bae4026a275b9a3dd80bfe1f4a02883

SHA512
cf6721cb89a085628842461d49b729707f6e7c540fe45858cc84d0f7eefb3e81f1c2e16b4ae140998a127d5783b2f4fb98509378dbec569d71175b5c8f812b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
dba12cfa55b90e693535e623bc96247a

SHA1
bff73a6855e34366d0519de8518ae51fafe0c605

SHA256
603ab1cc5c3668bd00fe117be8d425ecc39c0ef27ba757a68b526b2c0ba725ec

SHA512
9efd6a660a0ab64159866ee00d75e0e3c47ec307ae9fda2c5807cfb949532d2af40b97ff86c000afd7282e7ff6913080fc37a942457836a837aa82414cf02924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b4339a0b6168fccab38031785903da42

SHA1
3b08fcd42de55894ddce025763c4522410d3c000

SHA256
eb6b2e73e44aecd16661228c46a5def6c6ca3f3a91e9e4b5b0fef2f0b302dd23

SHA512
c4cc4bc326c1016188f8d12fdfcb07d380eed2c0d68016e6bbd968e00e387e9fa5150f1cb84c02823b36384d11bf8953903a3922e2e290911a663140550d482d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a96f4362-1ac0-4610-9755-8ee195635d4c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
627KB

MD5
aa54057e94b90ccd45c8546e08a9851b

SHA1
c7f88726f7fae1161245758124c54507445b54c9

SHA256
79e86e73c8af529b283d0792e846956e6d47df44f28f487332c0229888678976

SHA512
6d5a99221a6ef65efac4d1d6b225888fd759767dbbaaf8abc3fba140b86a861dd7fb07105f4a0d4584d5f4879aee5bc74227dce0048b0ff1c02be1d968ccc050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
5af986311ab75c2f908e69c33658452e

SHA1
fdea4e8df4e287bcc47606ddb54857a32a34b071

SHA256
5586cca45073af91f67559f451988b7ad8cc6259e9b7a3a89238fd689d3046a1

SHA512
d36c684d4fb4b58679c500b4be3c48baef374e07145b553b0405cc9de1bd199fc9b38cfc100dd8b25838b1875df00f2b92b8e851b6652ada30101d6f24e3c463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
76d3f5eab2a6b29e6ff66e68f4a0b2aa

SHA1
32d0798730f979319b75a2259d83881c4508181d

SHA256
34f6261a6799b2516243327f5826012799b7b858d9e6b6ea894fe2f33ef72a7b

SHA512
4e2edc956629b28739f3b993200f2058b4302905b260b56d6900d4c51c331ced596a2fde3c951c1bc0ba804c3f526b8eee2d86ed79bb91d8a9506c72e4f34980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
91e3e193bc58146efbb597071ae875a7

SHA1
05cd1e71554bcd19045d73bc131846799743eaf2

SHA256
8fd762d7c5f67b5258276e89c97e1416b7ce825085e8a6fc713373afbc523af6

SHA512
9aa3dfef1d8f07bdfe465cc2a718f968abfa256f350523b7d79c1d8032c533aefa8df239c66cbc3d4c0dc5c2fb9737ea13d78d19d7dd3639f5979dd13352dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
15889ace1afffbe290a5ce6c45723444

SHA1
25bbdff04a9b0f55582b681edb734a1375d4e66e

SHA256
5923d1a20e35e4300bb74e2d11108c941ff554e024279429418bfa7a48b56522

SHA512
ca92c4f2698719e182bec8e4c49a41d55c93f1eeb1a3bec349aa4bc266940afa98fd43452d961a6abcdf822cb1289763b7fb81fa44eebbb345f99abcffbd3a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
08b6b9840580bcd03b6eef80c23c234b

SHA1
59b4057fb2c8573c3e14f73a9737248088ab9a1a

SHA256
fec92c23af0a6a137fd1b118c03d69607c60c63cc6196299df0d95ec4af5ab12

SHA512
880b3819507178458763340fd738a287a741324d30558fde0b1b77c8cb198b07d9b546b96a868951c7cb56aaba32a60ffb4d5fb69e5f993dbc13749ed90cf510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c8d1a78112702084f68a9b91396f343b

SHA1
916463fe21a819a960a0302551090469dfa4fc04

SHA256
8f0306dec4f30275c1cb85ec806d719ea2336e0ad8f92d9dbdc4926fa4c681f0

SHA512
bfa5974aeefe046808b4c4b79b48aa9681ec23749262127c71fabe5a536455eb4228d49c93809b2e53c3a89d31aacde074842a2303e3646c999c26e5d22a8644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
2255afec460d93e5113790c23004d86b

SHA1
c8c045aed523b89d32508f6ae643794ab5930834

SHA256
22b1dc18ed718de0cd729a422f59f7750e20b244ace9b716edfda60eb962000e

SHA512
fbc27121a3428c5aa09f10c3ce1761d7c38ffc339b8f1ff3803cc84f6fd02b9bc01fef039eb07eed10af0388e43869f269c894ac2b67f9243155ddf158659d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
16KB

MD5
f55234db88c6538e3f4ad45c114435f1

SHA1
c4dba9a32f50f2d9a27ce81a1d62f7587751e6b6

SHA256
bf139ca7efd187c36f3ec33691f427205a63ca2707af18bc25430637928d713a

SHA512
8a621fa5044977bce987b8259dc850faf83f4e82f4df1a7a689dbbb0b9b065676842f7ac462b77f66c3ef892c3272960bf5de4c0dd4f02e85430b368867feda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
0e5b349e85577a1901b55f62e088f143

SHA1
2b1e1b6a2fe1e8ad15a42b74d1df57138a573bb6

SHA256
0e01910fba6c5e58d415c9399d4e0eef0e807a53aa41cc32371aa1d26834df5c

SHA512
1d44335ed7c392e6f68760794194d484274a03bca4bc0969ee0722275f9289fa4ded92d016174c601d84e2256b1236322570b9107a3a997bcb05b9c7f7742510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4e6909abdf63c875de02a8ea4d0cc146

SHA1
883243a6de8358c8c1ce7ecd9bf3d8ed6c93d3e2

SHA256
4f8cec33dcccf18f5d6041618f7622601ec7ee57d7585e0baeedefd9eac07cc0

SHA512
b61bb73082ee3328f92ca9ef7546b5cc69014af6f572fdcbf1040c1e48dc28866f5305a551a21d34b5400dfcc88730fad33daf98e3e810f5136ad36794bb0a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dd3eefc4029598b0da514c76833c7254

SHA1
c0037c41ccc1ba96b075104141056881d4811798

SHA256
044588235e0d5a0e619669336c236ac8ce6a332a206fe811886abaa164ec3b00

SHA512
d96487d8519a3a56301b0b6f9f4872721ca364b7f0889195ea96008a323c281db971474069920eb2ac5cba6e16da070e9baef1c685bcd1cfc8b5211ee83ec2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d794d46c5e43dcb115509f5d96da23a6

SHA1
77fc71ae2cd297ef254fa21d64eb1df00c7b2066

SHA256
1cefad1868fee650ff17bd69c2d6296fb75802ff227976558edeb061e7482d21

SHA512
2a827a63965a1a8ab94bdbba5e17d835070f4cb059e9de2255b4a08f2f029263f85008d88ddad770b24c3fcae3bf86a374f6f2baf02733463fef17da6c1f8dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
453cdac830af61056eba3bc32adc4dd7

SHA1
b499a2a6ec36d3576d7a5595b57786d2501dbf7d

SHA256
33ae74b0ab26e01ce4f7b444ab6b52af0446fd126ed88a2e9e6c537625fd835c

SHA512
c4cba581cd06d8a777499cbc95ec5cd287ea593420f7a93101d45666aa1c12dfb989b5bdd08410b2f2f0886a2a081d63e4c42ef9be00918a0683f70375ac8ca7

Download Submit
\??\pipe\LOCAL\crashpad_3512_EYGSTDPJDEDHUWZD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit