hxxps://www[.]r[.]oblox[.]com[.]co/users/479556822/profile

Resubmissions

14/03/2025, 03:55

250314-ehay1avmw3 10

14/03/2025, 03:50

250314-ed4qhssscs 10

Analysis

max time kernel
138s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2025, 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.r.oblox.com.co/users/479556822/profile

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-en-us.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-pa.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-sq.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-te.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\Filtering Rules-AA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\Part-DE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-hy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-it.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-sv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\Part-IT	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-und-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-el.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-gu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-mr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-mul-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-or.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-sk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\Filtering Rules-CA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-cu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-hu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-kn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-lt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-nb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\Part-ES	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\Part-RU	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-ka.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\Part-NL	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-be.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-de-1996.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-et.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-eu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-gl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-bg.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-la.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-sl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\Part-FR	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\Part-ZH	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-bn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-da.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-es.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-ru.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-tk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-as.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-en-gb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-lv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-nn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-cs.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-pt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-hi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-ml.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-af.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-ga.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-nl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-ta.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-uk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\Filtering Rules	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-hr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-fr.hyb	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{8946EBD1-7A08-4F85-AB26-2F1ED667FD12}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{C142DE57-F881-4225-9C32-176C8100D3F1}	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
3348	msedge.exe
3348	msedge.exe
408	chrome.exe
408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
632	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 6032	632	msedge.exe	84
PID 632 wrote to memory of 6032	632	msedge.exe	84
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 3308	632	msedge.exe	86
PID 632 wrote to memory of 4432	632	msedge.exe	87
PID 632 wrote to memory of 4432	632	msedge.exe	87
PID 632 wrote to memory of 4584	632	msedge.exe	88
PID 632 wrote to memory of 4584	632	msedge.exe	88
PID 632 wrote to memory of 4584	632	msedge.exe	88
PID 632 wrote to memory of 4584	632	msedge.exe	88
PID 632 wrote to memory of 4584	632	msedge.exe	88
PID 632 wrote to memory of 4584	632	msedge.exe	88
PID 632 wrote to memory of 4584	632	msedge.exe	88
PID 632 wrote to memory of 4584	632	msedge.exe	88
PID 632 wrote to memory of 4584	632	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.r.oblox.com.co/users/479556822/profile
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2c4,0x7ffbe166f208,0x7ffbe166f214,0x7ffbe166f220
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2040,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2140,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2560,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3268,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4476,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4908,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5368,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5688,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4928,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4832,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2920,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6496,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6544,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6544,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6992,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=6960 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6412,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4808,i,7568949057288765726,4504785831180264627,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x124,0x128,0x12c,0xf4,0x130,0x7ffbdeafdcf8,0x7ffbdeafdd04,0x7ffbdeafdd10
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2096,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1576,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2392,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4464 /prefetch:2
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4708,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4704,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3532,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3196,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5780,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5980,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5924,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5920,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5792,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6140,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3564,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4944,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4908,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  - Modifies registry class
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4500,i,16218539724033286647,16743147034088964591,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1852

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-af.hyb

Filesize
70KB

MD5
ffa9db945f0f0c15b8bba75a6e064880

SHA1
49217a9d5bb7a868464403b4e3c82e80df53456c

SHA256
5487ee44a4cd706d0086522e90c59c76cdf2ac68ce506fd3eae6054b9220c0cf

SHA512
cc67b2dfbbb009dd3fdb999fe86410425455613c12dac755a3cded435cd25ca4363782d70f3b7bb7c0fdd63e2eb649ae6a4053d929f463b646b43d7dbfda79c0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping632_1514312897\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping632_2001126483\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
b3b62f880e8bb53926a5d8ced6e8b0dd

SHA1
059df9db541a4fb733c8684a0a5ab0e47e42357b

SHA256
7b82917a7ca59dacf270cf944204bb41c2f4bd90c9a6ae22525bb400572b303a

SHA512
8d37eb5243377d356eebc0c6ff9986673f238c4cc9afc72ab9ac164c37fb505120bf6ab0ed1b710a4e8eaecb99056b1f37b20ea8e518ed1cddb1760c107cb279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
93KB

MD5
565b1b8edd42f64f677649bd7c32553c

SHA1
1ca450acf97201a96683d780dc017343e121fec6

SHA256
047f13f2133d1f3031fe1a114c6a0a6577cb58b4922b49fe8cd62e7cf7505faf

SHA512
b11a4dcb314d9c51aa6b7d2519fdca43fdbf0dc4062d328a455515cab828855e75215dc7601d67f50e5df6988370c9f0dcbe3abedaa848b4dd0af302497db923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
51KB

MD5
eb43e1986b4decb2f18b87705230b3a3

SHA1
3ab15041ee2e20de935c10e036c706a47b8270cf

SHA256
392756ba1e4923bc1b92d3f668d1713d7fa081e5c67a6d0cc27f0585b2a57663

SHA512
d9c79fcd526454b83078f4c1c153fdc08db204873e2ad2f95eece159ab3f06023951632557a8d754b1c2013cae3ddd3a45e66a737818396399b25674abfb8a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
23KB

MD5
5d2a7e2f956c0df8d4c27ae675f23a7c

SHA1
2c8d800093f904c65a2af0ad1af5c7dff12fbe30

SHA256
3b1a175adf3bfa3f4d0175de71eb853e9ab7136cfd42061fb25366b70bfb54c7

SHA512
2be80832ca297bb710038b83b0be7c0cd84f3c9e906c7b7668fe45dd4d30b6fbcc0bc54a4f070ade479986be183b1f57750edec4dda2e8b04c7435927c81debf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
22KB

MD5
2a5211f13633e621e4e96e3bb4aeb2d7

SHA1
aaec211b9b1aa4340aaea0cf52494e37725e8d89

SHA256
a5b539d625f24613d5224001de32014ed9d77f96f7de7b97a2cf24100d9971b9

SHA512
cd1e9f4c8274ee50757496c160982d345c51477ce1e8140eca44c7af3d36b516a660a28c41651c5321d5213d2c9ed938dcf00a13f4e8d319ba5e47a65d5722e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
24KB

MD5
b691f2165945ade7d5482e597088a9c0

SHA1
938b244a03298efd3d8bfdcef7394641bbd99273

SHA256
3fe8855c77285a1e6341c9d16795c90626b423456a3301e6bdee3d33cbdcfac1

SHA512
4b4cace367d45a00bd597acbbec54606a3317ca45193271bf4237e04afba3aba5b63e932a865260d5d925e8f2721693aa727d64cbfa92e508acfd0fdd84ead92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
44KB

MD5
46dbd0bb0bd8510e00a953bb7521e774

SHA1
aa907dfc02e858609025e2a3462b8d32bc6516a3

SHA256
80f87805797015c03590116fc920f36fb1d5019f7646c390110863afe08e9c39

SHA512
7c31c764a6e00ec4670773beaa1107e9866b856ae11d5b9c4b550e6237470d17068ad6287e2b63c8ba2c1bb15af0994a1d8de7c1378396c87b2c99a1d096b689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
29KB

MD5
4974f431af99a6b0fef1dbf0fa4dbd91

SHA1
00731761845dbdeda815f5f9bb6a94b06e820a8d

SHA256
7d11a64ce5bf8a535ab3d1c14651c639ae161993e58608c25553159798290890

SHA512
1f71acb62694920a707aec629807e3cb05a995971ea0383ebe5a1467387dc2dee6fc1153e67c69c9a933fb4055f97bc85f82109bfdf108a7dafb87c439bc6348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
20KB

MD5
80e7fb2030815373395ba26c9ba7f95f

SHA1
0f44c6af7d3ee3304cc5785291dfd55445f271df

SHA256
166c8b865fadfd13e26d221f5c17f50cd7d3c2b7059b021f344279ea27dab382

SHA512
3b223ffafb5d8bb173b361a707ea265fdf869360ffe845d2a8531d0992546fdc339a6f522f60373313a17ba1932a96f2a6b77260313fa3f5f1a203aff390b609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
30KB

MD5
69fedd93f33b6bc9f57718bbf4840e0a

SHA1
2a125f321e038cc7c0ffc30458d338eaef5f0d33

SHA256
752e34eccb23b9bfcb956dec7b9cd7ef0c22724f04736f15f53d5d4edb3424f2

SHA512
0bd3f86c4ae375a8066e59b2bf3f78976928f6f5a6522cc4e9257e5c11e2d1ceee67e9f3d643779bfa5ea19cacacc043d39539c34c4fee6d398aba377ba72456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
89KB

MD5
a9d083052ad8d0ba97af118f209180bc

SHA1
77901b98afa46f425a803139b364b3dc4c6ebc34

SHA256
d29139223025de061ad4a5e9878fb13d2b89a3860b3a4a6e84dd33dcaccec9de

SHA512
42fd500324f58ba7aeae5e76d44b8652d48136ccdc1e13c31906dacbf789b1ea32d7d3e10ce2f489284da6a5f35a67a6d176786183e5c0102e38361990a2a37f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
75KB

MD5
25aac7bb72292b2d04b05542c17bbd87

SHA1
49a08f5dbc6d081f5f1e83c69c8c60cb7e7810df

SHA256
715699c77fe77d0142a8104bb2e55b536c79f22d5b1a988895dbd56bd1812e6c

SHA512
b68198ed00c8df57af87b84a31d80193c18ec390e2ccb7866fe4459975ec7e256e0b8e2cdf4cd456cf3ebc8a9c3f623dda46333646bd887c697d9fe3bb5e5981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
20KB

MD5
bd8d4aa2b19747b7f36bee4511208b60

SHA1
7d7d6c7feb05c48ea038c19a2406d58c46b32dc7

SHA256
c1b6ea2ce8ed3941e79f38b7296adaddd04d313ffd312dd35ec42d18c3807ca8

SHA512
3a6094f5fd99ec6aa1a142582f31a052f903f47645a2e8443206299f7d8b91405b40b653f38b2f879b31861f3964300f1bae4e4c40fd070a1e3590c2ed68a682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
59KB

MD5
c5bc9edcb2cddf8ce4b9ba5867a407ae

SHA1
fcfe2cf3e4a15a21466624e743ca836150c4bc86

SHA256
b97848ff8ccb92a7bbb008e6c641dbf0b9d2bbe94c2056a6cd4942748d6eb75d

SHA512
891f88d0ade72f3ef26199f4259f09808730abd91b73969d4f87a29a5df93684863c48885e341232743e5d7860c641cc07ac8ffefb3e5f1cc17610cda97b5efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c

Filesize
42KB

MD5
cc7ad65e0558327d8fbe8ade40ab94e8

SHA1
6c153e9bf971f196db25cb2cb3b62f77f0a1299a

SHA256
956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30

SHA512
0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
39KB

MD5
e1f6e032096b2924e561c3928b9dc73d

SHA1
f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad

SHA256
fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8

SHA512
b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064

Filesize
40KB

MD5
f1cad4800853bba09a023250de102801

SHA1
76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6

SHA256
e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b

SHA512
4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065

Filesize
42KB

MD5
b715a5dd019d1b8771a3031ff85c972b

SHA1
5768744eb85d3137d094458e4b7842c1c5c526cd

SHA256
e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a

SHA512
22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
fdfde3efb73ebd617dd5d839ae983d81

SHA1
d3bcd641e51735691aaf325e4234802e61bcf605

SHA256
8e9c8466f5aa36a14c4b0fb183515b1e8be926397214daa83f3dd3d3df1023bb

SHA512
d526a86bd638a5deff70780a5d913aa40841860406f6d106c7cf91a8f83b285c6272b3703dd549e901d68385a8e1ffe243d1503d33d7684af683df080f4b4bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
85d460480e81ad89366c026f5d2a6f6a

SHA1
1212d8236fd3672ac4bca26223af2e3f1ee131e5

SHA256
52d34d07bb08270b4c4db72f6503ee18383abe6ccdc3d051cdd5ea2786c7c267

SHA512
d6fa67cc1e9f1e1a7b4fac308b0cf7e2741384211ec74a699b59a3dad37af8f65c1635be09acfe39afd2d0e30430569c996f4dbdc040b9aa064ddeafdab111b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
036ef9e895c1a94cb47b59ee8c6daefb

SHA1
0c43510eb12ee2a04338a71a7dbfa86bb22410a5

SHA256
3af538ed842a9dd4798e4479b7d36385900b1fd25df5ebd803fbebd833894907

SHA512
b45d71834603f31d8890e554eb2bf4486e29ec0290f32ff8753f90dca5b180c5a36547a3c1bd9e3ac66637ebb3db2cc7dfbdac11d3a0e6ee7e89b853d0f5caee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
707676ba51b431eb92df4745ee0ff7a7

SHA1
76cfcd5d5ffc0fb97efbb17533ecb26ad1da0d48

SHA256
6e191c970829ab394d8c9845079f722134ec6b124991c51539ffe4b662af7883

SHA512
e63f57471f6f6b5c6dc44f6d8b3ed9f082698026f44439dc74493dbf958f100b583e2b93ce231090404ebc7f1ef347b45bebc99bdfb9e6254c8867e3e0f3d72b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf6706a6f27efaadec46dcc20e4c10d8

SHA1
c2077f34f0be26676bf1da702bb8b68296ba8cc6

SHA256
b1d7750332343193d055ffb3c5cdb6be2f55edba56a4511841377e7adebaa8fd

SHA512
26833ceffd8fc5414e6abbadbd21e2f00d6924de97bfa13b32ca4fe64097a11fa59a6cac1dbfcc901efa39139893235d59fbf45f7cf9c2e9a7fb8723d78674b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e993f1b1f318541ac02740af88469c9

SHA1
bfca0f41c467c9fbc17ada170dc1c56f60f5d9b6

SHA256
1b587a1506d3621b1ebb3a79874ebaedcc6fe86f1e6e56374e4bc0fe1ce3218d

SHA512
f1d40f46e0dafa4c73c6ea6d575cad20248008561ab787cf7693c3f8434611d0de947992f4187917746b9af76366a33d51d0f2c32e31b8e1b9cdd7d5c7c88295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8e8734f905146e04104a297f4f1c19a9

SHA1
0f6641ecd8ce345c9dd82181a3fb4547ce140378

SHA256
43a79e01203c1389f0a04353e9cbe52fabbbdeb6cfb6822e3f20132d78ce4ffe

SHA512
b2f92aba2071f9801de71706192a4891a6465b19e191e1c14a4c704bdf4f36c1d4b8336896015dfbaf6e66f45120bdd4a39722e34846ff7c73986360dda6fc89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea4a1fd87aab0e4cdcc8bfec2421b951

SHA1
8b8d7fda2ae8c42ec4705554a0dc6656abaf836f

SHA256
fc9a8e7c92173219dddb75c92ed45a698b53f7b11f165bc91b15a6175694038d

SHA512
edb4cdd05657ecae13286ed5c12c4ec6dfd8ae47db657a65fe480500976e629502d5cc19d03f952a73764c45785338b6cad3957fbd0d9778641e9a2ab089904c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f4f1c7349dc5a8ab992f8bf5341b99f5

SHA1
d95c5fa2b3bdbfe645bbf2086176b42efa81c023

SHA256
4649834f2b0edd7b2685a21084d9a1097951d063d7c67b3e4207d801a48289ac

SHA512
1db3de3ca9ca46ef348eaa2d799a22c3f8755d0b0b37f72a4bf150f3b7d1bf2f4f392f0397e610dfdc4dfc74325c32e43f3582db786c2899fbf02f05c6542427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0aa00099fd7a60723ba45212c60b6dca

SHA1
361a70839b27224877c6b62f71cc0fa6af0af048

SHA256
3b4959349645c6a92f52b4608daa6f0ca56d4837579221b2dc483a1136403d79

SHA512
12f65c75cadb39528a34d2bb4878c884121d2064d2f29b506c798e650027fe8aeb22d4a54dc903b57904e0bfd3b60fc02772823b34154d1b1c38939e405a463a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583227.TMP

Filesize
48B

MD5
0bd73f6ed62379f160233970f92cd691

SHA1
1da5e475e0ce3591d358207cde215f69671043b1

SHA256
363955160c1ad408c25e050ae0fdc06ed72b479280bd215f91cc6100cd5f6b78

SHA512
ac0d2d2df06a697a9bf9add72a809b1066649e8428d3b3f08b5e09f6b8e5d8979591b45bc53dfb9b3a11a6526b2b09fb10ad60f08db43e6018aa00aa14f65987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
385d5391a0a9f0caaf2f85c380c69f66

SHA1
5b9275c92e789dfd976df51475f3c3612d6ee853

SHA256
0c25d9dd595a1d983b70c8c0629384f1c6053317db51c6116822355e7da0abba

SHA512
d24bb9263d212458ecc2c5ff9716f045d7b6166b21c232125ef7333de3ca27c62d0ee6fbf007893975130ce64aa9b3baa13ad9be4f3b70f315f3dcafd8f774a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
ab2b452fd53b60e68c2ac88d7e2af303

SHA1
773a67d7a8714f0c7f98e7058901f0c81f6da0ab

SHA256
9d8a6718883b0f55c34a9764337a5d646374ebfb800f964e64177821976b8165

SHA512
ca9547ba7f905ecf580f94d350d0af64d40610e4a8a51fb0242e930b144802e6c5e6fc6844f4e1847d86de0ec56c70eb11dcd5b17856bb93f7eaf8e21873c0eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
49e46b43ecb099d0ac9b63d4867917e6

SHA1
5610cd8b971685ce655b5d44929a5177c92b97ff

SHA256
45da31d2b52e42b347bf4649d88bddf3052abd2c0adff4438b9c928a14cf7dc2

SHA512
95245f095eb7d5852ef4857f1436006abd7010ee492720393068c78c6f877643faffd723fcd53580ced06c0b77dd7df9ed90316224db72a192bcbb447d541309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
15584f095f1e3b42e8afbdca7526cb11

SHA1
50b0c8e4caedfbaf5e835be462c7a50c7aa137a0

SHA256
85be9eb5b863da761fe5e6394238f85ed137a25ecdeb9cc4edba36e3c2499318

SHA512
46ad5192a6b55a7b875841fa0b7b7c04bc5067ac665f564222130ce7f5e4f19fbd598d0e7cdaf53f76c4526cc1d5fff1aaed336f8b1ad32e37d7719752827ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe581d57.TMP

Filesize
3KB

MD5
8e5ab806e91df1b1b9891bebcf2a65c1

SHA1
a19e9fa69ae27264c80f88d3a7c2b71c9ce95741

SHA256
221196695629cc914d5f9bec9d71ac37ca477d3fe93d15c87a24fa3853058048

SHA512
ec486629f6a9906db69050bc5e7a9db619d998ff857bc19468e4eca63bcd4bd38e496750fa6e128b13f0e3c250bc17482c18054c16f25b95efb294b0ca6de776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
f76d34fb1aa6a30459f091df72ff0d32

SHA1
d5ff9e2b298a81943bd67aa57344ca57415b66f6

SHA256
ddd7b2b0548e11f936c58e35775554eda3d4f47997028816baaf7851158f281b

SHA512
35b95add357dd466dc2281c11156e66366a4b139d768c61da9fcd56e1a38450aa2762282b65203f38d8117f9deba1abd98c9823ce2ecf0fea2831f8f8256ec6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
0297cfb2db80ea73e5083f330dad6fa6

SHA1
3dffd1b8fba7aa7a9fbef8416836cbf49565fcdf

SHA256
d54f62a069a7c41905caa0580575e84faff190ba60c4d89bddf36b8014707c92

SHA512
b9e9d6191f613e3c60aee9b4158c1be6b4debb73469dfcbcb936c619a6c3d7d44aeb83e78ee2d974e5be07d804d5d0293cf4e46e9f53bfbb33c6353fc7ff4125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
f863b58e75b1145b84635eaec8e5195a

SHA1
de21d8f45095cef5561b7bd97d83b9255cde136b

SHA256
640adb83f9a975ead1dc3d8656f04322eee5192d18ee45f957ee6a5950792e0e

SHA512
b4725f4d480bafe8907e5e2e14aee11062d07cb04095ef3e874e9792d32d471b17b8364346f1ae78e63be1f84c3c42bf15211eb99a9a422901b54fd82480b173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
fa0e5dee22660c9a0b714d890e3f0a68

SHA1
7cd1a65ca0ea5819d08d031e3e8c616a901342a9

SHA256
b6e3d3a0a411420c583931a80217b100fbe32a2984ab3b29a6aa1ef9e53e4f8f

SHA512
51c87900db118a0b0b896e4ed6cc39262d5b74c2d30331b12b542628e1d104e1672b3591e6fe59ab08667637360b588617796c698d733eb5841afcaae1f3e354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
23297e185bf03ac89a614d481a9c15f0

SHA1
43482b4c117f07743f5955f65be69890f2b982fe

SHA256
36daf9595be1ef34e4c73c3dce520ae19775304c1551d38c5b208c7333c2340b

SHA512
3f7b00bc6f3c7ac2eb86097ba1143fb7cc7200300c28d35e029ea6fcb1a065ca8eea26968f91901e0fa4832df5d7a2e0b92e6f4f3781268062d35e1fd839023b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cfd4d242551911e78397a4d2a8e47284

SHA1
60dcd3108637dc6cf981ccfd193fb77524442fe3

SHA256
2477adbdcd72fbf009859351e9fe2e902d826ce81c518680cea2529241ae47ae

SHA512
722c536c736b63ff8ba1a0959f280b7d08d5f38154de247050fc118bba2926f1ce5fe9e1f2865a88256e02aa730b92c78d72c793fa9443ddeb43e2c2a47f4a9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5813a2.TMP

Filesize
48B

MD5
fbe176881689ac3a72dfea641fc640a6

SHA1
cc4645f981e54e771346ac27b7f1e1b526bb923f

SHA256
839675d337352b210028fe38ecfc33a7bf47cb03144000b88395d8aa9d48d788

SHA512
e63b17db9532d7bbf579b070455a0b2d9291c3e34178974e1e44f8a1205d945ee42fcc158fd733fde8ae182b8fab2d0be13fd91887e00ec1aed27e30d911b0c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
9438e029d90545a470addf71cf7a7aea

SHA1
15d95c8e19df03d15150732506f0b59483d44e1f

SHA256
ac043dda19d43aebe8ca3b9ac033edc1fec8a0f938b5975823c0c596302f4ed9

SHA512
8e8972ff51e4d2fa479cc32a3404f69ab65209a3eb43cccfe8e4e792a17eb3fd84b24b7d9139f49e1ab555d1daf5156214f0c8931bbf6757cc7aeafee045e0b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
462B

MD5
27662aa82d4b507f093c65bfc3e7665d

SHA1
8277ab7ba759fd7e6d07b30eecdaa5d65bd22378

SHA256
411488561a42f6d0476940534f0ae826691c35d7555a3878bc41496a94226ad5

SHA512
e72776a55edc1d7554cef2960ea3625172f773a5b7a813c1f52a4e600a7aa196d89feafd6665130cf12f60dce2237ef890d084ebd4b1cea63f0d720db1e48637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
1a8f302a369a01f0a5dc9e0658003747

SHA1
99c83b3705ca21af352f0dfb76fbf7cf17cb74e2

SHA256
066541864fb8efc18afa755f65eb56b37ef60a880e8156afc8fa5ca2de127d7b

SHA512
ee73f000d34744074f068bf57cbf723f663356f91acda3bab4332a35d513cb9d9444f556ef48a3cd652e1fcdfc4e73e3a705699d98598de471d68c72d22faf8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
1309ad17fe4f376740067820b7bf5f11

SHA1
eb7b910d54a3b5d4e41f6ff1aacfb3e702005df9

SHA256
a45841f1ab29b49d820e496ba5a39de2788fa61af4364455ee0f5aed7a171564

SHA512
cb128e4e499a30daf8b5dc58e28188e149678e726723ca8e6708a36bbbd234bef9b25bd814ef8b5b34fc5702027a167b6fcbaef02a2a2ffe0f3c8f56d527f4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
6023c6ce068a463875006a7e01985fe7

SHA1
4d82565f4151039b0efb0be42d884b35db1139df

SHA256
a808fb85b783c7e74b68ab04345a99f179374b07617aef33293f8f70f9b799f8

SHA512
65503e5dc0ae014b3a8af040c7b32326fc814d7f5b14bf9d16e57b175f78a162eb99d051f002515c61471003ceb9512eb130bda1f769705e8d722e09b136571f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
8fc8f148b333c7aa3a7f7eb34f31116a

SHA1
a836f75ac90c8063fe5f36255e86c940b4b84fd0

SHA256
ffeae2493418216ac4c5a6ec394934d188926d9a3cda47573170d8211dbacf0d

SHA512
8f629239a8feb179baa23fb832a563a3d979f367fdb78f167b9cc40e116dde7fa73c4766f28fc7d3ac3c3fb2253cbd1bc2ef83242bcd7e2369de27f922f085d5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit