hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbm9maEpzcUk3OUQ0RFhuUEVxQ0stUlNrQWZiQXxBQ3Jtc0tuUEplTXNUZEVGVlJna2N0OWVhT0pGekVOelNybURjU1VfaElzZ2dvZnFJUEtHcmE2MlRoU2lYalJGdkVibDM5OGVpaDBvQ2FVVFdMUVYyTWRwR0RuUEJvM1RrSnZxRUpYVVRzNm41YTJiaTBRVjlIRQ&q=https%3A%2F%2Frekonise[.]com%2Ffisch-macro-5292p&v=IFxrJs5L6OA

Analysis

max time kernel
374s
max time network
376s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbm9maEpzcUk3OUQ0RFhuUEVxQ0stUlNrQWZiQXxBQ3Jtc0tuUEplTXNUZEVGVlJna2N0OWVhT0pGekVOelNybURjU1VfaElzZ2dvZnFJUEtHcmE2MlRoU2lYalJGdkVibDM5OGVpaDBvQ2FVVFdMUVYyTWRwR0RuUEJvM1RrSnZxRUpYVVRzNm41YTJiaTBRVjlIRQ&q=https%3A%2F%2Frekonise.com%2Ffisch-macro-5292p&v=IFxrJs5L6OA

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: httpswww.youtube.com@Swifflesubconfirmation1cbrd1
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\GPU	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	wwahost.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133790182830248049"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheLimit = "51200"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\signup.live.com\ = "124"	wwahost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "1"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "2"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\crdownload_auto_file\shell\open\command	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "124"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\signup.live.com	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheVersion = "1"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost = "1"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.live.com\ = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\signup.live.com	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\crdownload_auto_file\shell\edit	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheLimit = "1"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.live.com\ = "124"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "3"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\crdownload_auto_file\shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpCleanupState = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceh	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\Total = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total\ = "0"	wwahost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\crdownload_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpState = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\signup.live.com\ = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\crdownload_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceh = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\NumberOfSubdoma = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\account.live.com\ = "124"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\紞鏚欀耀	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\紞鏚欀耀\ = "crdownload_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\ = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\Total = "124"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\account.live.com	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\account.live.com\ = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage	wwahost.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceh	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\ = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\crdownload_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\.crdownload\ = "crdownload_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheVersion = "1"	wwahost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.live.com	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\signup.live.com\ = "0"	wwahost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheVersion = "1"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\MuiCache	wwahost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 954784.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 553798.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
4808	msedge.exe
4808	msedge.exe
2540	identity_helper.exe
2540	identity_helper.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
4544	msedge.exe
4544	msedge.exe
4788	chrome.exe
4788	chrome.exe
532	chrome.exe
532	chrome.exe
5496	msedge.exe
5496	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5436	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1620	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1620	AUDIODG.EXE
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
5436	OpenWith.exe
6036	wwahost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 3968	4808	msedge.exe	83
PID 4808 wrote to memory of 3968	4808	msedge.exe	83
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3036	4808	msedge.exe	84
PID 4808 wrote to memory of 3516	4808	msedge.exe	85
PID 4808 wrote to memory of 3516	4808	msedge.exe	85
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86
PID 4808 wrote to memory of 2096	4808	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbm9maEpzcUk3OUQ0RFhuUEVxQ0stUlNrQWZiQXxBQ3Jtc0tuUEplTXNUZEVGVlJna2N0OWVhT0pGekVOelNybURjU1VfaElzZ2dvZnFJUEtHcmE2MlRoU2lYalJGdkVibDM5OGVpaDBvQ2FVVFdMUVYyTWRwR0RuUEJvM1RrSnZxRUpYVVRzNm41YTJiaTBRVjlIRQ&q=https%3A%2F%2Frekonise.com%2Ffisch-macro-5292p&v=IFxrJs5L6OA
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff240946f8,0x7fff24094708,0x7fff24094718
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2296 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,16447265901940874941,10537503062610584397,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:2336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2312

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3bc 0x378
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5436
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Unconfirmed 553798.crdownload
  2⤵
  PID:3212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff23e5cc40,0x7fff23e5cc4c,0x7fff23e5cc58
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,17531086928395962636,8732975034463667155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2196,i,17531086928395962636,8732975034463667155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:3
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,17531086928395962636,8732975034463667155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,17531086928395962636,8732975034463667155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3344,i,17531086928395962636,8732975034463667155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,17531086928395962636,8732975034463667155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,17531086928395962636,8732975034463667155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4092,i,17531086928395962636,8732975034463667155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4864,i,17531086928395962636,8732975034463667155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1700

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff23e5cc40,0x7fff23e5cc4c,0x7fff23e5cc58
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,10086688041681926037,10848756803228085077,262144 --variations-seed-version=20241217-180204.362000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,10086688041681926037,10848756803228085077,262144 --variations-seed-version=20241217-180204.362000 --mojo-platform-channel-handle=2004 /prefetch:3
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1812,i,10086688041681926037,10848756803228085077,262144 --variations-seed-version=20241217-180204.362000 --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,10086688041681926037,10848756803228085077,262144 --variations-seed-version=20241217-180204.362000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,10086688041681926037,10848756803228085077,262144 --variations-seed-version=20241217-180204.362000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3696,i,10086688041681926037,10848756803228085077,262144 --variations-seed-version=20241217-180204.362000 --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,10086688041681926037,10848756803228085077,262144 --variations-seed-version=20241217-180204.362000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,10086688041681926037,10848756803228085077,262144 --variations-seed-version=20241217-180204.362000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:6040
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff716284698,0x7ff7162846a4,0x7ff7162846b0
    3⤵
    - Drops file in Program Files directory
    PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5104,i,10086688041681926037,10848756803228085077,262144 --variations-seed-version=20241217-180204.362000 --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1936

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault124e7918h44efh4cd0hb6e3h3fa3ca6def0e
1⤵
PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff240946f8,0x7fff24094708,0x7fff24094718
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,18237024150601004631,13069868044581239507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,18237024150601004631,13069868044581239507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,18237024150601004631,13069868044581239507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5424

C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
1⤵
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
db9149f34c6cfa44d2668a52f26b5b7f

SHA1
f8cd86ce3eed8a75ff72c1e96e815a9031856ae7

SHA256
632789cdfa972eec9efe17d8e2981c0298cf6bd5a7e5dad3cbdcf7bb30f2e47f

SHA512
169b56304747417e0afe6263dd16415d3a64fff1b5318cd4a919005abe49ca213537e85a2f2d2291ea9dc9a48ea31c001e8e09e24f25304ae3c2cfefad715ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dc9033584eff484ebf965a43f3070d0c

SHA1
4a62ab49c62071387be61adc48dece5d772ac5ce

SHA256
a4de9239677d0ec28ebc566ce25cad30da916587339f76057cc2694152c5feb4

SHA512
cd6fa6dd6b24175a6918d03fd95470405e9f1cf3a33c8716a7086dd69ba9bda496193f8a3b074b1ac4c593f0c6aaff93f3cf28c94fdc953684191933455bbee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
9bd51f47f751d5702ea76515ad33ede5

SHA1
b8f699a980aea7ffabb3e2e4c6ae80da847a4922

SHA256
01f46da59c330f3646d70749b436f549362776667775a0b3610ed56a9011066c

SHA512
568856e7e54ab91f36a8671e0145924a935ee9d6cbdfde45f9f38b1913b9f14c5ad22001a09bd848f7bc2b279c211b0042f861e7d2b69d93c7b7209c7d426724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
35d9a2896c965f5c9ab736449a3e50f4

SHA1
4926d7859bd92d873c184135456bc37834a3526e

SHA256
419ac04a7a2d8d0659f75586e23e1fed92f34585d10e9849118c88732417fd3e

SHA512
80ee5b0810b0239c241e7bdd002d1972cb85047959cf6895eba1b7a0784cf6b7bf2de6b858742aac2bdc5ce6fcf35a84f469957e4534159929406918376e17ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
0c91db6214f5ecf8315eb8602ae41c64

SHA1
16f959dc12b3c9852bc72fff9ee74c7d674d23e4

SHA256
435bd888d4776201552bdea304d975022cb88afcc14545003409a18ccd7f70f1

SHA512
47113c84479db4b6702bf71436502e3476855b7bcbba1d4ec6c3a1e33efde3a4b94d556d955bff29fb3e0f56eb2bf92cc6f6b04a69d19c5c37c867efe55e89e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
a70467dfb3e54fa0ea26d43a4511b745

SHA1
69a2123edaf7b98c759b9edc87f2b2549c977941

SHA256
4c5e1ba5961407b7460fad8aa7b95d5dba18da482d41b7f0d738ab4a1135261a

SHA512
31f514ceebcaa5b22c3aa57532cb29093d7e7bddf57f16b2b77a9be7259ec77ba519f7d28eaa84d73e996dd3e714ed2de91c8709ffd20aba55538b9dd73f6422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
20bdb16d99d320134451aff019e563c8

SHA1
3133568644123c1e882a71c4f8efb2b906567f87

SHA256
48a4f06672bd712d5f937fb67de126a1ad6676e0e16d13a032fc5d8ee7408cac

SHA512
20d9e9efbbd94ad13909cab2c2149b305f1ddd7ee81f477fcd1d723b0046ae1d4f6a00a049623d7f894138b4c112be2a25b18f878bb401505ccbe89cfdce887c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
bf98b7fbc3f1c528e6e0ec86512ae3de

SHA1
0a0ccd91ba365bbc8d6354d4ba1576a155e6ac1e

SHA256
b99786f6ce317fea00fcf426fab623a404eeb355d5f6166457aad5267e8707e2

SHA512
87441665cd276ce725eb245b4040f5a560894d69bd74ad2fbb8b9d392977492927c339bbf67bb5cbbe37a785343b40edfd8a2cf8fccd1f7ab91981dfdab4d230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
298ca64762b511ba61943ec101925fbe

SHA1
9bc0a16724b50399051508a978440a05628b2f1e

SHA256
2618f644039b7e9956da108509886b7feb5a0e4be6f0bfaae7c52643982d36e6

SHA512
3bc93252349780cc9d7d115ed8afff7e5fb0ab891d7215840a47cedbafb7ca065627580edc8a50dff50c9c1453e6c3bec1e068386bae333dce67ed1c5d4c9879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
05b75ee49cdb7a39480e27c95c4db1bf

SHA1
c93e4f32b7abc8a7e3ae28917e3813beeb0781ab

SHA256
e728639514eeeb8e277a3c876fffb9f02cb3bb307c8fc77d5955016d4af1d7fa

SHA512
d676bebe738f3e68c4d900150072139ff6b0227c4acb85f36a4739692f6c29a039f67ed5a7a48684a78830bb52f2e20071ea5e459dbd0ee3ef9a8380f68c8c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
a77588ed59e2bc67cf59927c65f999ee

SHA1
001209be92782eded37ea173cb26003bef94a49e

SHA256
409ec97a0cd69ad17c958c020724f2b63950a786093713d3464d6a8f70e1c505

SHA512
9f19d50015cbc30f806b2ff28248aba05c1b953483b81adb6ba203cab0eb7dc20a4e38893045de94b0f6ee72bf326f7cf8a7c693aa9797cbc68fcf6d2e490367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
de3e0d056db56738085438814599eb27

SHA1
68b72be059e0cd33e99b6867d601ac344a9d6b97

SHA256
fbafd136b642c05dcef4aa466154b5b4c24ca23693cde14395d2be7a690e05f2

SHA512
427898c76eb82cf71519c6ebe6de80df4371d8c6b5e1de8ebfb5dbeaa59f7e980256610518a2c658262cd8837d23cf24b560b184fb89690d90a36a07b892d164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8bff62fc699ef9b42cd87b826a7c7264

SHA1
447e884080f622269700725d303f1340c186c41e

SHA256
c1f7677be7c63e151762c151c3e32f2c9fd6e87db9f1b9af708fff37d8a54a95

SHA512
6c86fa30a62e9ad24a752469a397f1cf8bde3bad9f15cc6df7ab5db54bdb4abd052546781a3e87d86f58f95c72637cadd68af3444100481e8850778e6c73f341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
daf5dbbbdfcb83c041f280eb915ff4a5

SHA1
1b824169255c49ffeb7b356390764404fbf8dcc1

SHA256
2fb0e600c10087ed1d46464a524a39b6b3d4f250686421332ef1c84d5549f90e

SHA512
04ae5039ae68d28b4372dd45e41340f75c625e42e50a505404dce79b4597a18a29c690f885c3925a5a8ed78fa8683ae4afaebce4cb910efcb32d478e911f753e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
452756d123e2b30721d1f60392704c4c

SHA1
b9b53ddab58f92f4bb9fdd894bbc4310c83a0428

SHA256
a159dca977e123bb7a2fab8d0a59128e0e947409f0e16cb118ce115efc9b45dd

SHA512
7985730bf88154c971d141713d8598553b4cc7d2723ca7a80cd19c6a209ade470f93335dddc503fa8faeaf410804d37c3dd76809dd5f28bdfa298aac9cc18982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
f15028f2f547172e3a6f56f1014eb7e6

SHA1
d056973685b30348185b5ed5db88490b70596a37

SHA256
c546ec8d5afb13cd3c53445f8ddda7a21657d421dd91fe44f019aba11f7dfed8

SHA512
54fd3d35d40633f2933c2b96a79ea8a2b3a1b61d407a3756c3942238697a49658bdddf5d4c65901d63d2f84c5b7bfe288a117e2aa511f10502f60bc51d661dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
02cf56e8ab274734a2ab9367e9015ed6

SHA1
428aec610733262692c8bd848d461a3d17ec87a8

SHA256
29a2122345a282879b967120f13dc1fd9f62a9db51e68e8c3520d5eb0f952194

SHA512
e4e19e53f4cf6124d48d04d86f563e120b41d1438f64b9340c82897338e68fd3174b119f8d575ef11546dcf2571b6a933604f2363ba024edd37a71c2539ef5fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
13fd4a59563803a789127d04b208695d

SHA1
e5fdef6e1e20daca34c9f38ec75c453040f60236

SHA256
68189ae0e738f00c539e6bce8f02392f9c8ec7b8cf782880ffbde43748458ac8

SHA512
0faed4c84c69e1be5efb7efd02c674a95073ac39c4f90fa81ec7b03142ba438785c42a798c1196a9b378fbdb56e107e146e67ba17eca687d673ea0f3c084bd58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cba4cbb6a28593a2bd900b3ed3d0be77

SHA1
b61ca02ee727a7270f85546fe451dc19e16cc144

SHA256
ddbb986e6c11d2f6c0734a9e9e52bf84ab28ec965d5a0784182b9e804706a32b

SHA512
6914ec789b10d99957e3b510d252201a0a89761c818e0cf0e85a3b2c193b925af6e3542fc7ca7df34ec2822d62289d6cbab068ea09d94b5e36bf98e4131f8e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f809b2f25ba3fb8cc205f78a3f704938

SHA1
ddfffbc1a4b9b61979d91a8c9271a588e98fb014

SHA256
2dec005a7a73889fb9648dbcbc7436dad74f15c96bc7c24e90565fba431d932f

SHA512
ce6b2533fcb24ef5266dd14e615b57c7ebb0ab5780ff84e08eb17ad186f3fe2f20d3fe4abc50e6f633e16282915a8e31a556920b2ebb97a76c7376ee72e5a066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bdc7f28b001beebf27f9ee213ff71492

SHA1
b96ee3feb2ff0b22dbf651209941829d40e3f698

SHA256
737c3c309959a1ee26bc5dd94027c4101a748f470a436338e03b853bd8edeba8

SHA512
7df799e839043ec2165a7e1d92e07ca52832c28c8ee3d0d17871725f084b6ac3fabec32cf4ae77bf7ab8f80485bc30f72a676eec2d35ddc1dc0d0ed603a7cc94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fe61100ea7488262af831d73b08c724

SHA1
3f14104aa656d90e4b7e7a781f496fb3ca4152ae

SHA256
083630d75a0345afbd070f4fef9b8773e1b7c73a5a1c1a3d7684c6bd12e92a4b

SHA512
090e0fe81531517fe99fc0d0a2d7f601fdd3c59674b897d95b5bbc66397b47ff521d793a8ae3afe7f289d4632ee9c9511bf0b9b98753f95d512513feba562ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ad50f0701062baa08fdb55b87ee789f

SHA1
760ab48cc5adea2cd752d3154298b9ea81d7a2bd

SHA256
6eae99684f3a2f1f67997d572e2e368455c45e2178500431a63d9d87217431af

SHA512
878e097aa2bfc1241eb296cbb7f1b934f598cca1b20eaa9ac33b3b0e162019ffc8df2eec938719ab1a720cd186e324a935d0bd21f58124d24102e3794798e96e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9224842c022be952a6250b039d154192

SHA1
54cf756d68df9143ab91e4bab4bbfa1f831716a7

SHA256
32acaef5742c2fb0f26f7e9fa1d0b391b31ab5b98b205750ef30da5860abc5f7

SHA512
e8a861495092d457f9f881ba2f01c4cb09d6a3786040b0942a8427d832be025d01074c7dc1d40b1009b9ec0367fdcc0e7e962f66178189b82c5eeb29f580d34d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7b9174b2a655ec7465e15f683c4f8a1

SHA1
7cbb20a366547bded97683f4ec81b178e69f3c99

SHA256
c72985c799dbcb173f63d45463389e346a47f9b3ff80f78e8aa9ec3eb9e4ca73

SHA512
7a0aefe76a509c29b7b3be574cc9c6f80f726fb55922e90c50550d8e1a80cc350d1ad5daea14d056b3e65b661c420db7f154deadbef82c991a10c1a52d51937c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4d571344374ab2b0dc15e7c6178f6422

SHA1
23f4fd479c6d53dd6357f7a7e6e5c17fb37696c7

SHA256
8c78683e8ca67a5f1818632e77c0c4780065f22fb25f4333dcb4e813f409e7d7

SHA512
6f61a9d10e8c3be13d7dc266beae24929c3e78a4ff337fadbfd70f159ace9c6ae2134c4f4cb96f3618588927b801721267918390c4af8769375fa9b3981f1afd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f4763dd2a16a0ef6a5b11d794d4fbb8f

SHA1
88e9b6b556bc20225d03b17d996a0e22657c776a

SHA256
cded4b0e88af5d063f79c34550712ee6b344af03af6cc044f15cc44b65585326

SHA512
9717e1fa8c8cd5c5f54c41904359e9324b94f2e6efcfbf8ea4fbd6165c9ffbf4a28504c174548fffda30103686f58ba36d97dfa05fa37ab18014e17cf388b940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d96dc9dde8e993f1de204dbc504bd543

SHA1
f5bf1586bc928a9c180320c14428f8001f260ddd

SHA256
0b70e76a01b06e6d59fa69189be20da0ad2cbeb74178e6f8d2dd91e4f6691d22

SHA512
afaad7733d5e1c6d42177a6b9b7a81aa25e52b1193468bc1968699317ed7eee8907b04a3770753e7152dece9dfb2dd96ec210281773ab501ef6554245ad02637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7dfe02575639277d506637613427bdd1

SHA1
d81e74cf6f97e091a195d2f83add6e0e44c49e7d

SHA256
3ed22bdd9c98f3b9567e73c32b916d237e9cb8d7c41ba8cdf603bff2757095e3

SHA512
4e8d77c29afce4be1a32e2477263f14f1df2991fe5bd350bfb20ecf37a2ea6da43fd6c946bf12b7a4a3d30d58092900eb6760520ebe468deb37e3a67bf1fdf6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fbd2c91d2967cd175d85f41887305885

SHA1
132501e24f2c7841cce69c4e293bcb892d3a579c

SHA256
972f5f444df15b0361b823097ce624fa58e55fe59cdd1c5432725a0999463565

SHA512
e378c2080fcacdc07eba38e004936ca68fa34924ed4b0d183a8781d0238974c35755e8e9b35174ff4311f8755f318742db6425e65e9bf5a61d8f5d21c59f9d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
614071e1e852780e76edf18b906f62b5

SHA1
201e1529afe6e4907d1cdb5106a24f1be503af08

SHA256
be650c655671165550cacb6f12b48da77e3d21948a5556e9f86fd91e3bfd7318

SHA512
0b3730d7b9c90704c33fb739b746d8c6174500cea819ce33b264c63334a606001a55b66142e173ce35f49de45d66e7e774313394a300a976e6affbf174b578d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
a52aa6022382eaaf4b195ab634ef16ea

SHA1
32c7d8d497d9650e37149bee67a8d01d54375fc7

SHA256
e400447d2d2354270bed67ed08995fc2fd552d27af35a254efda71fd32b45db1

SHA512
0df93cf2557fb103e92f2d59c1d84ef6b65d7e9fb6167d0423b2e7105459a464301a341a9326e87ee164662e2b553ce566af255d9b43581891241a2a5b3136db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
15949346bb31fa84bbde62717a7516f9

SHA1
41fa2786ec5d696441eda0e8dfb6da9a155dc035

SHA256
2ac990c28fb20fb1d2c8da2d309959484a9b7f5b61fd3e76de707e7b69ec7095

SHA512
e27ef170e995567f1389628782d58f275810db753cf2269ce729768f45a64ab0bc3c218ed6e024579a59342f1519d1fe420484968d56a5181e778643077d999e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f21b3917-ee77-4c5e-99f8-877a22545f14.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
62cbd1687694ffb8f293a683aa901584

SHA1
65b2ec31e7435f7a1215fc6b5f3484d9d68b64af

SHA256
c94dd1edb893d449996d05a3b30f651526e097addd7404f58fd9ba4f5e24a711

SHA512
67cedb5c79cdf68018dee578c4cc437c5e55bfa3b5c21ebb69c2392531afd451b9b9776c90ded822df89964412e8addd6a457c127e7349171b7a864477aa05ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
2c5659520b21b9cba4c0b5d655dd16ea

SHA1
654d535076ae48f611cc54c92c1363a03f2f30bc

SHA256
2e0432ad28ce3ee0608822817fa1db65bec8d73fdc3fe2a6fd675356adf46324

SHA512
7b1255678f5c42760895c650d09bbc3ad5366e6e8cf2887bb17188c9ea4cacefa3dd264b351112166b9159abedd36243fcda9b38e2b6751a9d07b7342d86a70e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
478b9f56952c6a78292d30a10a51ed20

SHA1
b8cc56d54fd6952e9dc868d5499e1f39ea373ace

SHA256
4f8c559dd24b08dbb6b7b37a67a2d74d4ca014b32d2a2009d3c4ff1a74014994

SHA512
39e1796605f2a29e9290d24322549b0c054e9502c9b2a24a2be33df1743013b55f57de3580c72ab24faee1a96a5133ea73de471d867184099850d7247acd517b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
366b21b0d097ac2e81d5b341c3963124

SHA1
c0557259a2f263dcfe43511ab0d2e699bf384bd8

SHA256
d2b528c8de0de286177c68d1ea29c5d1bab128b8595813a20238686d63b0cf21

SHA512
70ad26955a5fe1d87c2c3d9c303b5a986275e82be8423462b174c329041296427341de4f86f279313d50db0f34f77788b95de173ddfc6ae67705d1e808ad0721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
43fd996bb460f13a03d279c21b607de3

SHA1
3337e6ac112bf1866093b0677d00960c4ceac7cc

SHA256
dbacc5a54b499fe271b51a328dc30c65a664aa46caa46625e032971e9ebf4ff0

SHA512
dfa0c27a89debf2d34155b2a89cc47f9d2a7211ddd2da63a40455aaa4b11a9b8072d7a80b93e6b93f91ecdd9978bf6849fefdf2c72f7d6fe6873ba53ebef85d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a4caa8e916c04e4a42f1f9155055cbd6

SHA1
94d084575b440c214c2b1bdfdc21fe5038c66e25

SHA256
29a500c65f7a3fd887b1024b7d597adac369310d920e529d1db6304ab0bc9902

SHA512
6f939f27624f033a9bbe4964ba4103800c0a227e875ab01c80cf39f4332f8743851ebc545cd812a765182028b8d4d2a86de6c87f9ea2bf9b8780a758ed874625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
bc99a5b0bbb90a36ea80a79c4e24355c

SHA1
29204780795e88f1cf5006a5f2dd7e2455d45b1c

SHA256
577aaf705ef4e90192cb9723c82e93e5b9259e1986d3280f6275964f456c5a83

SHA512
6e1d8c02d82f17e56a74cf726a7bf8893ff019649fe17a8205d0493d608dab8e069d82bd1439485f261ba242a0a65853892b7c66c92e8d9b75700dc7ab384d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2009555c0bb5f9bf2c55e65e80350eef

SHA1
667993bb8554032c3b3755b7733fd6532b0685c8

SHA256
65dfb785a61414136f5b61c4e8e9dea11d6e714917704c752bc5f67568f9f4e7

SHA512
29819a30731703e1e8ea1141314dc1931a6792c99911c60b065653be36d8f9311b2f95014338dbf5924ffdd453e6c1e6d8fca2782c443e874560beba6d777531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b663c1ef1a81f61567e432bf9dc05d0e

SHA1
6f5bb79dcae6a00321d0d8c8dc2a3999710a710e

SHA256
8465657dbe6f707c9fc8100eff372532edbeaf80c88fc2a02484f4664c1544bf

SHA512
5e3e74f80f84ad61cc61d41d47299eac8b22c378a393108fe0787895cd2d8bafb1da3bcf771bffd271d62143a948c985e471d4f2b89a5b9ff5945ca9ed9e9e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
57ef916889f1bd7ed36998f2277398ec

SHA1
0e693cf6b0f94192e87b1727843bf33a5a3b0b00

SHA256
9a5a582eac54288574fa90880b24536a045e9a141c86b2b1c1cf114b00cfc3c7

SHA512
d0e80cd1a210079c4610196d93192a21ece853d640e9515bf20b46025a4629f18f79c43227fcc3358ba5ac7d577c4da4c24c265883728699c34d786750d87504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b1cc2cc80e9a22e7ed9f4429af41e182

SHA1
7539658d23da09f41417d132e48596c37aa5d108

SHA256
417190656e1960b8ca27d0fd8ff98477051ab0f43c7883c17e093b9f296c4853

SHA512
ef20d891672c3a9cbc9e8dc4f70132198021ea74c44c1d4be0f771d2f45c40e6071929c3240a00e717019b67bbd8ce831526e1658d2a123dab27fcdcc0a7bf9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
871a37b2f961f79c7dc095cf874673d3

SHA1
bd1a4ec14198b18b2264a8582d2370af9054cf88

SHA256
25cb60098acc578ebc1d7c6b59e1ad85dc711075b65a896609ed68cd135fa59c

SHA512
fc10918838cc054f9c9e5e5688ddb55cc7968da4af218dd75d40bdf551441bf389c840f6f077717ef4fc8e3ecfb1e3354466a231b83a38bc40f91822132c94d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1e069a13ef98327de8d2b679d6de9717

SHA1
854895dd5a9e853642f9c72e992ccdf76e2bc5fc

SHA256
45b63213f5067009c64e53fe951250f974072ecd94ee8fe5d35afa638f640c90

SHA512
b2e5b43bc7caa79fe6b7ccbeeab8c8bcf377a06b2e54c8c32f6b369e65811bc353dcbdea9bfd62e0e0ed6be6f37a1701b3ff253a767652ce28a8a1966eabb34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
05e6e54cf753207766956f97b310d323

SHA1
a6e3d14081e93cd00ba0b85c17cf4b3602e963c5

SHA256
9f34928e98df6677e572ee3ce4fdb911ecf6eb0c2f8e83450d4fbcd020d3f0bf

SHA512
7546dc3df8e1584e5c4e82bed272f60e5cba14e15d61eb1ca7521522806c66ddcf284db5c68885cde081e016f134975774c33e276bbb7de44ff4596532e8f454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
d19b25abada61185ddd440dc3ff4e7e0

SHA1
ef0e7a743d9e9e52e9f72334e0b2aae60d9303d8

SHA256
6e9cac23076aaf52d18d6bb591fee0f66901610438f60f32f98569a1376a5488

SHA512
277ed561c3ee84d4d4daf8e2e3b67b7df7e7a7a4cf249c0da31ffb4b8ed8794accdfdab8b56fb7a5cb410a22ed314c70acc074488aca0d94efb3771389b95b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
361f7968e8e33d30cc9abb68f014ad66

SHA1
0bf852e8a02622903e0ea642394b8b1b1f3276d8

SHA256
531a8af97616bab19db903b62861aee090e486a34977f6024a56f647722b1c53

SHA512
1f13ec956c42ecb3f532e0b57c9b59f18539c0e49f3538896da91e444d3b85f4aa3d2137bcf4378113979744f4bb70b99eeb616b66de965d295907cda3cefcfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0bc9c13faabb0c416cfbecd87eab51a5

SHA1
210522c791a41f0344dd8fab7234039bfd7e1fd2

SHA256
ace7140b761ce6a7610b75ac79eb698042c5646a2b7d77a7ee843df13b82494f

SHA512
dbdd97fe214508608ec664981337dc3f6a7332be31d78bbb255b98319b0edcd119b5988949c31a70a14b91d3ac0c634678b45ae8e3af1eb3042f4d0ff953855d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b54f7eb030204960d511dff4db3fa1b8

SHA1
f067d346c1e1237b2f2cf51fd19c00d1c3b17a5a

SHA256
fba5edbf32ff667dd744b77236a77f275bd314b1a2c1174a1c9bc19c61246e53

SHA512
98bf4af8984afa3802b506f37ac77c701efc842ac9c7fa4197621b49ea9bd9d940a6888f4961f9d0bcb806289e90a4a134d52b2c869d92ea3036a4075a433b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f0c68c4a437805874cc6fa9f947f8e52

SHA1
c9ad8d1ea621dc6e0c81d5e8fbc4899ce7d1af3b

SHA256
180fc7ffe0e24007568ac8f00500ddc2bd6d76b4f238bae589670c4357857d10

SHA512
1608f5ffdfa6d541684e4b86c2d270691920e9e5308307280c4a740576b9ac3ea85e47f8892dbf387d076c3e839ecac6b6d5ba56e770476b8f314da69f303299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
072c2456da1556e73ea8edf2caaf4368

SHA1
e4e11f06f558ec38463c9a6bc0a29f7d05bf2763

SHA256
38c08f32033f1e5f7d759d1508ac20398806de88a265962887a3fe39099a3809

SHA512
6660c06bba26bab47482fe8d189368a012d019a9b778cc16c56ed606ce0279a290b194e3cf69acb2c99afb913ab29f1dbd601b9cd813eeba5fa63a613bf5897a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8c869142852232a5e907d9eb08241518

SHA1
c4ce386a637d00e80ed8a36a3d4633df18c53e9c

SHA256
eab20228bd6254bc9bd8eddfa346f847d322d60359b0b29d6cece19a11713b9f

SHA512
c04e0344bb1f2fc03667144a94e5cc8c49ce0620200ca45f9b3054b49ef1c2844ecf1d4459f45367f23fb31f6bd53b5efa90024ef0e433a6cb86c74401fe3fe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
59ed65d09f89fcd2efb833c5b544761e

SHA1
56ceab0b1df90fdd4847f505dffbfe3198bb037a

SHA256
32dec90d5b836df3c2f380e5a20635285d42f3f9ebb586462e98fb352aa3a2da

SHA512
0930d7015c2f81b2a7bd95acf19ef4be44e325cf88fe4a2987047f1e2a7e9849675cfc3427bd48a98246c3abed7c7b769814d65b3559d928ec95e41bc3d3d255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\130aeaeb-0e26-46dd-9f46-a463fb479bdd\index-dir\the-real-index

Filesize
624B

MD5
c982041c6405dd60178c131e9f19fa73

SHA1
a524759f60ce7a0d42500435f0166eabc2f0836a

SHA256
541297bb9549732e2dcea6638755cb817b302177b0d6d816623f6ee1a772fe29

SHA512
0480c8d639514870ba28ffb70a207a1eb5bc873d6b7f68b5de5ae72e9f7e9fad9fcba2349f21e5877ae7018616fbcc2b2d945a3b5a8e2f5004dbb028930feefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\130aeaeb-0e26-46dd-9f46-a463fb479bdd\index-dir\the-real-index~RFe5838ed.TMP

Filesize
48B

MD5
164849d2a96f7f0e57c110f86d331ad0

SHA1
77818eda355062ea8de57adf5ef84022c3e55d61

SHA256
bbb0777a70937259e8fa05cff9ce47b213e77161f6c64f3d2c79d47b14607ee2

SHA512
d9dcfed998e2d9fdead6cd1019ffdac65bf588ba4447ae18ed3f433c1292fdcc711449e298b877225ff563854406d2b5c561e4955d7f572d4fb79cb1a22f9cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1ca1cbc-4317-4e0c-a620-2913c2ce60ae\index-dir\the-real-index

Filesize
2KB

MD5
1fa3c12038437bbaa4b7d0906aa29b89

SHA1
d05e94dd4b5ae59ed78715a83497708e5d1a2936

SHA256
f0c921b3acbd99236840a042712edd26051d5522db71af8e40d04deb77b06660

SHA512
a10ff0a85e3b417f8c140b148d656dad8f4cc64e143f4fbf9a12adb639080b679bed3d3100dd31a9d78203da645976d907330eb7b775be025716803c56607a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1ca1cbc-4317-4e0c-a620-2913c2ce60ae\index-dir\the-real-index~RFe58367c.TMP

Filesize
48B

MD5
029f710fbcb6bd3e6261554a56c9b469

SHA1
7e8a5dff7afd0fccde41fda74989bfbae85515c4

SHA256
37acc283bbe3378e3f8e7d13184b5b7ec6206c891cf13a19ffd3e1ebf5ac1208

SHA512
be71cbc94575361974f09ed5d9d783539b4120818277ed6113bac9f5e72ef7c809945b0516d8210194a65db2d5f1fb46313bc76a10fbf30ff0aa6ad1561e8b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
2408d857caa0b023145c932e14b16d6b

SHA1
8645fc519cb5133915c601d6f0619963f36a36ca

SHA256
c38a2cec0b92835e4e399d3078bebbb36645ac4d6a468541b2737d5be419ba81

SHA512
2301d55c5e940b4ceb186cde2f865f506fe536c31a6dc98963c055c88cd24ed749a66449a31dcf526f9a410dc97995e04b35874cec76e3f601c9b9af4aacf7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
689b58b944d8fd00c0238e216bc583ab

SHA1
60e2e5149fbd753ae7d5d23dbd4f56f07e808f01

SHA256
9ffff9325688cbb41c04f55d8bd6d7f459882b2d39050cc74929ac64fcfb9902

SHA512
594a60e934b6710280e9a4bde01555106ecf508267943be5e357ff02b0134268648cdee2c8c039b8a807223a30542dfef47c012913c692183cace3223ca7f209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
02bf44e51e24bb67cd687cd29991bb0d

SHA1
a90c49fc7b8c9b4c512325f0bde8fcf8e9fa400f

SHA256
fca80129ba926b05f03aeae2564f6e2099fadb79691f40ab1d59890f65c53b02

SHA512
2a08e4d1748659238f683cdf970b784b921a8226c1fe06bd06d75b85fbae951cbdcdbb0f2ecc7f04c6a7d68a5037e058b72ff56d27eb8f7e5c9b3ed71ed0d9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
5dfa44f7d7401a52b12e78f84cdc2dbd

SHA1
f15c3d864ad6fcf63e22cbc3f9f325b7a24e76f0

SHA256
bf8fe1a3adbacf1f3a3e42197b0b5f0dd13dac605c8bfe358513fda30e26f16e

SHA512
39372df1577607d666356416eda16de7eeaafa9f1bbcfe02b56a2bec65cb8cd1f28d563e437102b62b7f8c4c5fa4019069548b6af0ce305b1159d351938cd02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
4e17ae9aba1224420e6f7081c03e095e

SHA1
7fe74fc76fdc7c03761810a3fc9cc1c5cc790a29

SHA256
8dc33b68bffaf9634b10e1f17a02e62dd14f1cd8e0886157fcd6b90799c5492d

SHA512
3701120064db70a4f16db3f43dd104a10e7ee6ad5f94747156c191e9017fa1b867749cbff629872089b73ef11fc37bfa6be0214d4a6ecbdb6db251be32a54d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
698e9dee22d195ee327298b6df77f7bf

SHA1
147e89024000d3c0dc7030d571d4f656b25ecec6

SHA256
2a26a6d0d0ee61a0eadd90ab2ac316c3cf737daf37161d28b317f57b9563d9fa

SHA512
b669764cd48a5d6f4c9d1a21eaa00171c32d1ea598b32155973f0940c24c53ceea7e9839c6927c2d0d19ab33e85aa2c6e1375057e3dec6b1cd8f1463fa8d00b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583071.TMP

Filesize
48B

MD5
82f02b2eb99cdcf930d5cb8a799fb391

SHA1
6a13ec32983ba8c5fec0e512fe6e108c11f657e7

SHA256
f3eb7d89b42ddf8d46ce5e69dc03d35ea1719437a6ca01632b9d82e50ba80048

SHA512
608d517e4d87c3ac3776ad0609860c7e31b086498a6f47f47ef4210d204ac33d0d5cea1926cb2383430c394cfa7e45ad4f58e4bb5fcab58b5e93f5ba9a88129c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
894b0bb5972799c8ef54b797c46ac7c8

SHA1
d3368611132d644c3b6506651781a00d098f70b3

SHA256
4170a565e50accc044e2874df68fd319bd5189c0d9a4016d23c1556996a5bb91

SHA512
053a862918b5995a1ede690652cd797bd588fd38471eadf32a76d785b40dba46fd3b2b3ab185e8207b6e16a24b79a9309d7b0c19e32d900384de39583117fc8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
edb2e8d66f6f937928e74ff7429d443d

SHA1
f472f580d04689a306d052283bb51a9b95994533

SHA256
a8e29a9a813ddae193eee627dcb297914979a0ba7990dcb87ff2ee984e52c2d2

SHA512
30a1c8a72ffe1c469ff46f7c61f5f9d59f464e52b3c63b45e6af17b1401adc54dfbca0315158d0ec7f8e0d06d20e65c25abada2b2bc83650819d07d420c7a52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
751ebf5451ef43ad28a1f83032c98bbf

SHA1
d3059b5204c50c6d9ff348aee3b1f0894a61448b

SHA256
aa3bfdcf5cfb58ba85eae0280022e2370cb4c3afa092b22ab6fae573c734a5d8

SHA512
7ee53424676069855d54c6146fbc03f84d43eb1c62432ff1fb792c412612ebb9a86b0f9e7e8052d45d25e1ec02e18686f14506585154c56ba77c28480c5bc00d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
57b897da5563bccb9535e040c124aa5d

SHA1
69ce5ed7cc8e2df59f5db246d9bfa7d18e15d211

SHA256
b184721458992cd583f39f41b1b9992af1ec1bc47c412f4e91b84effc2202527

SHA512
6fbf7f0f7a88d96d89c1f418920099886e36455e1e166ca96ea314b23c03d9c3e5fd7f0724991e184ca6033fb788407807cb84b67a77ae5aa5d44449f1c3f6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
e7b1a7f66fa3797f14580727aa206da2

SHA1
7df93b00ab46a460e585efe92acd7dec82e7fb79

SHA256
6b2c35d8cd310a4a50e093fd9e6ae8d10602e8fc3871c858dece123852132d00

SHA512
547ac1f7cf837ebf787de6d851e7724f9a4590a3789ea9cadb470cf215863819244b9d1270122bef2db202381e2b277ba0014bc534bd930c0e867be4512f3d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
def5dc44a9ec51d5e3d274b6e059bb04

SHA1
24f63aea9fbb3500b735a00a968f8d36df556889

SHA256
6c074de03a0e24414b4c07c0e19c78ec8f81a39376dd1b707fea6c82be5005df

SHA512
28818ab1840efee60dd1ba31beefc17d564c007de6a09fc348cbedcde652a4272d51a54aa0c3c9bf2726912ecbb0957a495b3be532966040bbe180a338c4387f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
d49d8b004e735ff0ab9817dbaff8c027

SHA1
9b4565a46cc2d729b616a865f25984cfd72767ea

SHA256
f88f921808f80320e69e6112c59e0f92ba82d3486f343f371c3a669225bd859e

SHA512
58501ddc26fc99e48a09788f38f4e20214d6ea9ef7b1c3b0ac59003534c4188a824c6f6452c7177d1e7589b57cf0179b8129872b095d72bb23ebbe180b4b90b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
fc26587e39d84e0954937b30b1d94d64

SHA1
18d9788468e72b0a6811056b30d5add06d7364b5

SHA256
9aa6d897bfec55dd315aee83072f05239b0c68f0fbbc93747be0ed0910c30e8e

SHA512
b6def180ed4f9cf6b2e47a650450fd7139c397d5b3d572ec512158d8873209a9964a52d76cd4628d8adb425509ae3a7aa780d18acb60ffdafb7a2ff361f9b351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb5e13fed35f59369fe58d0587df68a2

SHA1
22aecda8def1be5e935329ed1719f648c79a5597

SHA256
5d070f5de4049e7ca2da8f783a4eb3184e541bf344d3ad876c678bc331aa47c1

SHA512
e4b858abe13e1c1c42d8e30d1deeab9cf554d282a638979054c6758abe11e9e72faaf120f486a5e238a9e5da7155e572bd476a80bcf9baaa0988e2025276e818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de79.TMP

Filesize
539B

MD5
23e3c565e8bba39877c486729b24b0cb

SHA1
2f6a896bdc91e73b12c7f320577307d0b438aca1

SHA256
e5bb365869e87605464a85fdd02fd92b7eaea393f7faccbd5c4ca1ca371b3693

SHA512
c3d6257419612b0a3959e3ca8fba762fc6ebd7f3338f0e6088e84d9b211e7bb474adae5c9c860fe357a2f2d348f670b70bf5062efa245f35ef3f671bcafc4f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b30ef702c20a7295c6ab6f803c9e4bb

SHA1
f1e6222989f1ccddb88df079c16ccb9a0576b8a8

SHA256
4b923c1657d0779ed6c0cc1c6c2ec893dd742186baabef0c7f2d81db9d99f6db

SHA512
0b66f315868b85e341833c0a2f043c90760788d5e6004b5cc55192e91fe9a04521e97fe52aa0ce7ebf29e2500dca269b15223fb8fc9c1bb488621d990248ac51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
def76e57dea26ba39992b3693db86506

SHA1
5137e8c341416855c0c095048fea612d8a272f5f

SHA256
a504333e649518f80bbf856c17d31fe7f7df30d897eef57d98d10a3019f8402c

SHA512
2722fd4034e43809c11c6288d254ee9c6ee41b3d714f06b5e446a579fa431c395c5d4647eb2f927984e04ce8a01fd93b5eb70833ef569102fa318f18a8947ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4549759821e163576233e18d9f502162

SHA1
d75bf90c6a23e648b95c4e5bdba4943c4bdc6271

SHA256
712da15f2f46b3226e7eb844ba0b743b1aa8eb83054bcd62bcd26b7edef4dda7

SHA512
a770bb07afdb1534f642ea3011c90afb73f8b9f43747b573cfce053f6ae2cb8b1e8c07f4b61fafcafbd213ea21fb2f42184badf08a7aaf274b8dd518448080e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
911e93e267b3aa7e62cfb4a41a4b00c4

SHA1
af8a83df4c3c633e19408a4fa4f732c9ee28c894

SHA256
6f7e25de5cc6cc2d4e38bd3824abac3497cbfee82ae6056903984760f7ed9ec6

SHA512
3381533f8e36fa3b511c9c22535cbde8f131b4104ce627fe1fb51fec7d5229605d86de0fca3813878d86195337fafcfbb64565e9ec29491bbabf686a9f168015

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\YHP863V0\2_11d9e3bcdfede9ce5ce5ace2d129f1c4[1].svg

Filesize
1KB

MD5
bc3d32a696895f78c19df6c717586a5d

SHA1
9191cb156a30a3ed79c44c0a16c95159e8ff689d

SHA256
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

SHA512
8d4f38907f3423a86d90575772b292680f7970527d2090fc005f9b096cc81d3f279d59ad76eafca30c3d4bbaf2276bbaa753e2a46a149424cf6f1c319ded5a64

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\YHP863V0\microsoft_logo_564db913a7fa0ca42727161c6d031bef[1].svg

Filesize
3KB

MD5
ee5c8d9fb6248c938fd0dc19370e90bd

SHA1
d01a22720918b781338b5bbf9202b241a5f99ee4

SHA256
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

SHA512
c77215b729d0e60c97f075998e88775cd0f813b4d094dc2fdd13e5711d16f4e5993d4521d0fbd5bf7150b0dbe253d88b1b1ff60901f053113c5d7c1919852d58

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\NHKU0VG7\login.live[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\_sessionState.json

Filesize
136B

MD5
9c1e824ef8695a1abc67f5d0a95778c0

SHA1
ec43ba5ce45d92453320bd6d14d96a866ed4c0e9

SHA256
0e9674b55a602a97e8ed235ec72e98e5d816ac014684d179a1fc0b9959345d97

SHA512
55e92e224e5d357e4c1dfcd34ee8b7e1d160f8edfce2f3bd156a240f4cc8c73b3329497d8199fabf2a81d8d04be5f49687224b498c57cb115231b47c81d65d15

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 553798.crdownload

Filesize
200KB

MD5
aedc2ff167372ebae936d5c7e8e6789f

SHA1
d84fa3739ae41cf0296ddce581b448b3e1604c98

SHA256
eaa7b372f5b34f2e343802564ffa4c2b6565e27b6c962023344b773ab48ede58

SHA512
25fe11a22e34c76817337dc85fc0c67e816879777f4e2cf6b527a804b8853a7e9846e0f9665a66b32d61cfe09f04740758acb14e6b1c5f1e8489fc4e30794637

Download Submit
memory/6036-1859-0x000001ADF1A20000-0x000001ADF1B20000-memory.dmp

Filesize
1024KB

Download
memory/6036-1796-0x000001ADF0A30000-0x000001ADF0A50000-memory.dmp

Filesize
128KB

Download
memory/6036-3023-0x000001ADF2C10000-0x000001ADF2D10000-memory.dmp

Filesize
1024KB

Download
memory/6036-2952-0x000001ADF6E10000-0x000001ADF6E30000-memory.dmp

Filesize
128KB

Download
memory/6036-2583-0x000001ADF0870000-0x000001ADF0970000-memory.dmp

Filesize
1024KB

Download
memory/6036-1639-0x000001ADEDA40000-0x000001ADEDA60000-memory.dmp

Filesize
128KB

Download
memory/6036-2961-0x000001ADF3BD0000-0x000001ADF3BF0000-memory.dmp

Filesize
128KB

Download
memory/6036-2307-0x000001ADF1B20000-0x000001ADF1C20000-memory.dmp

Filesize
1024KB

Download
memory/6036-1866-0x000001ADF1B20000-0x000001ADF1C20000-memory.dmp

Filesize
1024KB

Download
memory/6036-1775-0x000001ADEE170000-0x000001ADEE190000-memory.dmp

Filesize
128KB

Download