hxxps://anonfiles[.]com/P2d6m03dof/PCPS_exe

Analysis

max time kernel
1694s
max time network
1763s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-04-2023 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anonfiles.com/P2d6m03dof/PCPS_exe

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

PCPS.exe

pid process

3524 PCPS.exe
Loads dropped DLL 3 IoCs

Processes:

PCPS.exe

pid process

3524 PCPS.exe
3524 PCPS.exe
3524 PCPS.exe

pid	process
3524	PCPS.exe

pid	process
3524	PCPS.exe
3524	PCPS.exe
3524	PCPS.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\24f9f62c-2516-44bc-bff5-6d206b1525b8.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230402202155.pma	setup.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4388 3524 WerFault.exe PCPS.exe

pid	pid_target	process	target process
4388	3524	WerFault.exe	PCPS.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133249392963224702"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{4BCEED3B-3848-43E9-80B0-4D7038896E94}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4784	chrome.exe
4784	chrome.exe
3932	chrome.exe
3932	chrome.exe
4260	msedge.exe
4260	msedge.exe
3188	msedge.exe
3188	msedge.exe
2916	identity_helper.exe
2916	identity_helper.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exehelppane.exemsedge.exe

pid	process
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
2368	helppane.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

helppane.exe

pid process

2368 helppane.exe
2368 helppane.exe

pid	process
2368	helppane.exe
2368	helppane.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4784 wrote to memory of 4928	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4928	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 2244	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 796	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 796	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 208	4784	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://anonfiles.com/P2d6m03dof/PCPS_exe
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda72a9758,0x7ffda72a9768,0x7ffda72a9778
2⤵
PID:4928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:2
2⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:1
2⤵
PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:1
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:1
2⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3704 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4696 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:1
2⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3476 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:1
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
- Modifies registry class
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5328 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:1
2⤵
PID:4460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4632 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2964 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:1
2⤵
PID:4124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=964 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:1
2⤵
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5960 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:2084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5164 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:4372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5156 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:4044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5952 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 --field-trial-handle=1804,i,9745354901296896665,11754463738646589588,131072 /prefetch:8
2⤵
PID:1280

C:\Users\Admin\Downloads\PCPS.exe
"C:\Users\Admin\Downloads\PCPS.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 1112
3⤵
- Program crash
PID:4388

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3524 -ip 3524
1⤵
PID:1716

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=517009
2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffda63f46f8,0x7ffda63f4708,0x7ffda63f4718
3⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
3⤵
PID:776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
3⤵
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
3⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
3⤵
PID:1736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
3⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
3⤵
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
3⤵
PID:2228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
3⤵
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
3⤵
PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
3⤵
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
- Drops file in Program Files directory
PID:1180

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6e8135460,0x7ff6e8135470,0x7ff6e8135480
4⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
3⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
3⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14312704848173324573,644296935227292280,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

C:\Windows\System32\BitLockerWizardElev.exe
"C:\Windows\System32\BitLockerWizardElev.exe" C:\ T
1⤵
PID:3388

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7e982284-4e66-4511-bbe1-2fa1d39287c4.tmp
Filesize
173KB

MD5
6584dde20c472a2e8734f2c2cc3ff06d

SHA1
a06d7e8b2fb71e4173d69f9343c71f7e7ce8210a

SHA256
2f662bea10f1483183f43effe77aa8d6906478262d144c6eaf511852e903c4c2

SHA512
c6b64cae25e9f7d3ba5672dbeb0997c07293bab633f69da6ca85fe53a8907e105d2ac6bdaadb00a59099b6063cc8e7d419f70e6a48fcbc14b0b5ad4a7406ecb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\025bc8f4-a781-49aa-b83a-59a47735c1bf.tmp
Filesize
7KB

MD5
676d18bd6d69b7109b3082f0777ae854

SHA1
cec034973bb9350afe9a2cba8e095a784e61603a

SHA256
02177f00b6ea3c6e3c2ecf7392cef73fbd997e56abbf9f8d45d7423fc55f3726

SHA512
6c121720e818fcf5f790b46f32a56a36d1aa519ec1bc79ef4a167a4678f3fbe5daaab52f5f541fdc8a3c65830e110bbf44274c7041bf10a4e8d650928396ae6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
26KB

MD5
7f8aa1f2bc14e58093cbed973afa8141

SHA1
88c27b380b4c903e6115b8625991a011182baa13

SHA256
e36f1580b12ec6922cff8b0e0fe1d4f4105b42a30d20c0888f50cf195d74f6e3

SHA512
77f282bf043af92e204b454a6f93fe0983e08a1e424695e1f5e1baf31999957e310efbbafbdab1b2c1de6eef5f7c4ca48ffb49e8a9254311c61b941429063928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
00ed8d26443ec2616137203b6375a373

SHA1
de9e377d32917cf4c23645731f89cbecafb963c8

SHA256
6b32aeb999056baacd4c21ac8d1219c42fee8e8400daaef96e049aadb532befb

SHA512
949e2a85b88a2adbd3b5f6d6bbfe2f24d0265dc428fa91f681650edb9f7651b18a2d4fd172f50b32b9bc8970a5d49a5471c7ed77a1ea3ea38917ebc4bd4b8732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
22bec167c6bb6e43888013d54d322fbd

SHA1
e40422dc5d144e95795e8151af1f234d6f699591

SHA256
3188e2f4073c1c8357e3cf6a3cc948460605d00abba21f2fcff7cbffc62f1bbc

SHA512
d5db5138004bf9e22a1574b3aef5777b4cffaf0ed313c01a543bb38d9257eb21345ede37f12878eec4205ccc9418424ed57809d7af3e3ed5643987df5da76d53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
682c7ab843ab0e6d2fce35ef39f52e42

SHA1
c0822b9648dc58b88c34af58818a96626431ad39

SHA256
bbd550def62d03f878ea89e391ff939c9cc4e4cab93f86d1b824cc1d5d8b6e44

SHA512
c4c7bf32cf9b1e2a3e730fb8bc527ad88e7d5ef4d96fe8b81569be42d2159a90623de8bb16efc5ca53657f1f5fe848f8e1c18ac22dacb346a343321147935008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
2efba4e68f7b532d11d422d906f91038

SHA1
9004fcfb769f7d24325a8452dc95d1805959150c

SHA256
95a865bbf0a2a988aed29b3c67bca24a93f5294d427b9df0b0484010eccb1aa5

SHA512
9ee89ae1e8bea266c37cfdc2133b49cd2ac084e79b0949823e964623795ad51174d187fb78d59aa8565bf836e34c909107febdef129d35d40817962c143ef180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
b22f87b4608b11ab886446cb989ca670

SHA1
dd4f200eba1886de94e774f506cba33c369f6a35

SHA256
bbb782147f2ca61d716efbfd1ec1d3106692345b8b59282a8e4629022494b8f9

SHA512
9675a03fac1bd74d781fcc6886a8b1e1e95b96ca94fe0b99e7e353af16ea6e2ab9cab4f14b24bbbb64002fefe8e2ce8864ec05ab4eb24be1a2276089a203faad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
16f3a66c56278a66201e0409b2b1f5d2

SHA1
4ac04b6d89baff2de8f741e4bfc259c5472a60d7

SHA256
0c74e6df0965f386d13a95f79c66aad02fbfe538092bf46af2127853f7ff699a

SHA512
689fa35d69343e0600e189197f3594c9b392ac142bcc8f69a49753705ffd39c80926b02ded345742e28a1a6cb630f8b70822b22e07ea7fadd6625849c116ef7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
f140eca4f9f5b7d8ebb931ce6d6f31ec

SHA1
5764adb454f7deb66496a576d0deb3cd91acf6ea

SHA256
3d82d9db4c77d97db32f4684d55127ade62b0b065858a9a522288cab06ef0aa4

SHA512
dde1ba432421b96f382658c03f7ed6a4604944781f542730366598c0f40850d088b4a49d87d9d251db349475d817115531d07ddd34720b45f9a2e08acbfa137c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e42e03a641b92c3bf45b53f817b802c1

SHA1
c9ebc791ae053c16418d0df0e26b221362a42cdd

SHA256
5d1f5d2bbeada89d980862ed57c27276949f6466845b47f4468733a64c544f66

SHA512
7e15b8b00d2d46b337b7d70efccec834ea54add2bb78fa86a27ba5d2b04852a1327f0c39d0659fe3e0f3d1c57e1cb515e4d8c2281e2be9d041f0efc6769ff892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5363f778de94bac079627a34a16e574f

SHA1
b5332a9a320b9973af73b04a45b3f4f2f093128c

SHA256
e8224271b65819c6b63b554a51711cc45265d51f82ba1151da9abf09c6d4453b

SHA512
cc432834813612e49e3ec53c34c447c3c9ebb9adb2d0cf61ee19ea93ed32bf3486952329d6b947760cce71abde73d85f5e1926764bd0dc964e6c67afe76810a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ca6f730d27de6709cfffd9503b829da6

SHA1
9a84fe0f341f74c1930974086af5478f0f3a69bb

SHA256
17b67f8cb34f128ab8f7f2a29b31274d4b4c3049b09eb48983482f56137ec7b5

SHA512
d6d95b480c0a75bea1676c24f7782c7e3da82051d6e2226288117f950fcb567be38296cd046ad93d067cce80c85c652e719d00649557aafe5bbe32709a32a56d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
0ddcee10e1f4d6c1658992a8c2a209a6

SHA1
0c06aea1a31aa976817c33989ccd5829ec54a57d

SHA256
b015ccf0f46cc599be37197de41bc30f51747437186b61a255f1dcb8599d6eef

SHA512
66f61e88022523f76e28a59764305f3ad210eceaba23f43a951fa12792a63fab714621d5972a7bf75b7a53aced09dab0b11e352e4ea2fb7f86dc2930413bee8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
01163e06a1cd3768687dd42900f211e2

SHA1
0ec039c480b4af828da7a603310948c5cafb7c65

SHA256
dffdbd0d045eb03c99472d0bbc833d2d48703fb27e7e056e8fa496924af7a677

SHA512
ddc0adaacba6d73e68f4dcac4f5f4f4dee055ce6cf034ed6748ff469e7336b553d1175abab94de331145cc86353898e5cfed01cbc285c0c25552cbc0b260b9bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
4c2e8ff78c10a541f67d9a9afa7ea8a1

SHA1
f8312223907bf57d69aa2026c60fb15f98e1aa0a

SHA256
b4394f73632eca96c83fd0d05fedd74d551d330595e32346ca117d49a55ab90f

SHA512
5c3c5ad33b4636f5f417224998f04dd7487a0ab8bc1e1789613618ef33b63d9b877d998eccc7bcb47f2debadbb565b682ae80f956f0d4e8b17d27c2979eb4822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5704c3.TMP
Filesize
48B

MD5
528f57650fb2432adb5345550a3ec1fb

SHA1
503d8a6ca134e7f21388daa450fe1f5ca9c1d45a

SHA256
a96075058d2222dfad8d15ba57a0819984c9c441e9003e128da65f66084f087f

SHA512
33e51e968ec2fc1b8f3b360b6e01131e63c8d5545994a3d5a7e5feda9fb054390e4ed5ef6a1d0e6618a67b4991ec85aa75903848e990712836b11c53a1757d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
Filesize
264KB

MD5
052a7aa43e58815eac4f4cde93afc6cc

SHA1
7373638e293570ea099ff8914d830f302e017753

SHA256
4df2e0e1b9f9db845ad0025a25ea4dcf155f21a27e64cddc1994808a32e605da

SHA512
8d39a5daa0c6506d84114f3f8c19df0059d2648b3ab1b7a6a29133c48c24f64576b3de08133fdacacd97b8b9a17f542602463cf230b9f0afb7148ecfbfe4d54d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
235b9bf3f7150718f2c38c98cf8ee084

SHA1
6bbbf82a5cb4fbaefc96210a6ad5051888bf7bdf

SHA256
5f62945db9d7e317a677b672c4c4478d779eb4166f523fbcb727e8a2c702d395

SHA512
69257368513f3321180b289677ef4607fb26b2c16be1e2971ab40f87c6bad8e1b8ac9830c259d4dc750383b5e8daeb0a39f4cac6d1761028c2f6624eafb3578a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
581f93f5e4a4eb4973d3140700cc6616

SHA1
67fa4c09d3432520de3078dc3e77105d71dfef0a

SHA256
a4f826321eb13f284ba7574b418e287aa07e767b1cd4493eaac462b9df0c910c

SHA512
14a881e6296d78757b2d8a5c608921cf12853cd8d5ab5772a0fdff40bee78154ae84195e291d4634894a1c47f54ee440e4e6bda918134d49bb43680eedc9f991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
0979ce46f10090c285b8f82baf7c87df

SHA1
3d12fcb7e71a4849c595a2569f94a447fc323117

SHA256
f67df2eec21be86ed444aea94622edfdd5289184f2a85e4ed9bffe1e253af79d

SHA512
6d2ba5a4ff04410c2525cad83efad148c2fcf73c8bd99a499a709c2536d0b11f18b119c4bafa24944a57d3367c92b1d18d3a811fbc2d75a0425ee8f885376665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
235b9bf3f7150718f2c38c98cf8ee084

SHA1
6bbbf82a5cb4fbaefc96210a6ad5051888bf7bdf

SHA256
5f62945db9d7e317a677b672c4c4478d779eb4166f523fbcb727e8a2c702d395

SHA512
69257368513f3321180b289677ef4607fb26b2c16be1e2971ab40f87c6bad8e1b8ac9830c259d4dc750383b5e8daeb0a39f4cac6d1761028c2f6624eafb3578a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
116KB

MD5
e76999ba86da01e5b7bfad01faddbaca

SHA1
499b8dc22f4ea412aca8e62967088a28235dec49

SHA256
df1f21b96364aba5426990a075dcb7fdbfac16efc54b17788713fdd29572b4ed

SHA512
e1d2b47a9bc82719436a83e363ffa706051609401833932c0e4ee97dbb2f5684b64c6a0519c39d2e9a3a0e609a87a4ba821a099d3f278be806143badfc6cfabe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
23dded501dd2609379f1819b9a2bb5b9

SHA1
b97eae9c6f197f8858396925e1f0537adfc486fd

SHA256
ef2fb38fe0c0c192ca59bf49690dfdecca48a7116279049f64c633002f1ed36d

SHA512
c3dd31fd398fad843e661bade1ced70b7b3dbd56c288eee6542372d5c8c7b11ec0d48dce81d76a29d0b15ca1a23640193aa3d335f611acf5d082d47201d2f523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe677a91.TMP
Filesize
100KB

MD5
9f7d1cf94963eef67596a9df5f201143

SHA1
ea093e0cdfba16ac836b4cd037f66923c1d4f7ff

SHA256
0db75180e9d23838619e1ff6930bc00904d9c36c0f25e9423cf29a474346c036

SHA512
57c067cf9ec1cf6d3d710eb84e0a10001d31f2552372e297261c1801babb629255c78657355c2bad021b36436264db212a5b6a3dedc35e372574491373104efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
4ab2a95ebe40bea9888a45ad0b4a65c2

SHA1
8b7839e2baeba963342246e0ca8701ed721363bc

SHA256
60f53e0c84ceb8fc6b4bf811c2721182af7c9b4aad3110735606a5c147136784

SHA512
436b74cb629900f83f3d1acb2549c3d3c7ecb3f1384ed4ea4792e21a0b119d45c8cb155b209789d5fba9d27108809f0c73860af9ce9736b9260dfd9370962000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe698267.TMP
Filesize
48B

MD5
3abff41713579521aab7d154d8fb25f8

SHA1
782d19560ba8d62e0d5a9fdc03854c370b48c243

SHA256
68bf0a14606f95b38208efbb9a2346549dbab01eed888732c2b4b7641fd8025d

SHA512
c5839886edacfe8253c72f23d76c1860c8882c8b12ba1c15b3c398328ac070addda044a432892706ace4b73b9a8fd2e9fba92af93b82f696e464501cb7c9b5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
f81c984b6ad189f155354c6aa299374d

SHA1
8b527d0a5881c243325f777999e0bc078099bf2c

SHA256
b485bba252e8695fca7173af72fc6aa15af56495fcceef55612373a95fb334cc

SHA512
c6c7018d405dbab4f00796b2b8b78ce6efa5672ef0126338082314689a6b94a851996a795fc6d1cca1fd0c6a43109a213d636f1b752c4a358fa8dd99f1da55fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
b4b52b4297dea5a80e013620a4967386

SHA1
8f060406c8b9b9f3b0c1e564a7bacfe4c964b7f7

SHA256
0a8634a82927da8a24b1c11aba394b3d2506b028f036edaa20d02f37b2725b27

SHA512
6ed227524b00ba50f273aaa7a3a34519c78b7e5cb474067241ffb452c39667e91e694421993a66c9eca2f6017e7cebdef8dacd34787c3a56f946b4710f58a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
a738cea60533d89496769896bf813a1a

SHA1
7bb6af344898255a973ede36102c4f9cd52b4a19

SHA256
0a5ba26c9d29c2686059e2ba0d1b62847106f0a37935fd9fe24d3d2cd1caf2bc

SHA512
777a9a0c6b1643b57eb3f1c43a9498f2bb8541c20f22933c2e4e6c0719a629ab74ec9b31970ee61f97070c352d4257c396296186a5c521bbcc08b0e494d55479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
88cc609036557e46139f399ab9c16288

SHA1
ff7a9edca7429a3977c2a5dc041cd48d776beade

SHA256
c1fd60bfccb36c18bda3ce813f369e7c83c9d3a6ef5c307a06faec3a1fc67b3b

SHA512
5a67badc95ffaf2124d7a72a139d5483c68b4ebd91c36b48f118aae78bc2e95057fa347d12cb1955253c9ce9dbb8e0b1976790295c2d50deefecc3b13d665c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1907c3c3e5638e30ad5b50154781c105

SHA1
5a4df6402d7c96d2d743addc6e368b4b5d45ad9e

SHA256
805a487c02d7c2b9db6eac40e2afe0995e2aa317738b9acfe89511996fd901ac

SHA512
6cfd02158b75d4473663d14293af0ec4180a52cc04e7fec5a3aba61890685b1fb21290bd2657d39f4c28c441f5291611a9750b09d4ea8333ab4038fa6a71e761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
34b1c80b01c849f4106650ce2bd7aab3

SHA1
eaebdf50edd92a047e491171e1ea6a342829bb28

SHA256
aa03de86bd1fbe5d899822e971455df828b560f9ca590f13c41ff4fc4fbdd39c

SHA512
bea4136346c9a871c6e48e04a3c1c33f0e854b34a2d55e0744fdfd2cf39e1e8aca18210373a0fce585200915259c18d3c65c4b2a6c96fb7943ed78b6d2118aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe69819c.TMP
Filesize
1KB

MD5
ef02f62f1e7eb17ce66f3572ee64ef50

SHA1
979d1e9bcb843c355bb0850be202933491284dc7

SHA256
5b049bbec86f9bd2fb09f540623cb19a7bd25b3a131b9a766cc68fd0febb57f4

SHA512
f7abdab4641b72a8934403602d505f263dd11d0e9abbf7675b93dfe542b7a6c0f112a0fdccfd8ad6ba1e33556531092a2fce616871cd33e719e124f60ea10791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
36d17841f3ccebd7dd57f3b795199646

SHA1
d22ecc2ffce3e0a4cb96b40d75f5f3323e264035

SHA256
671c6a80becc30a7a83a0f88226c67d994a37979425a108183a4684359328b75

SHA512
250bfa8279a95cd9b5551d5353bbc86e108bd63c15e9f466ce6c2767b98277176a1c7d6fdb51f4bd437caed1a35cfe3047c711b42f3de7e87dcf18cda89f4795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b954701e741fa46d39dd8f586019ce15

SHA1
53360d11f78c3418fc9ba575da133a4a82cffee5

SHA256
a3366fe27e53f5e323b828a3e3f3bd608fe43cef225617773c68bae5cf734d06

SHA512
1da53c05d37d9359df72d1f031cf301fbd295fba7493a406fcb11e9494d7112f244471acd720cde608231097602564adf4ba192ed23ef5ab25deb2d0e6e08ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\PcapDotNet.Core.dll
Filesize
69KB

MD5
45fa4315c7631b828e2871db89b3df27

SHA1
f34f3a5344abbb67a21348be9eaeba7831c7333e

SHA256
e580ca9c0382a8663d6bdff6e53802bd73fa8a71689d7f38521ca02269775a58

SHA512
1dd74a83b0435674d61e0e752e3d671334970fd7d235203faf1791c67965eee2324a7dd18e03be575138d3c3639d106534a084c3f9a78d37ff4ff77ead4cfd96

Download Submit
C:\Users\Admin\AppData\Local\Temp\PcapDotNet.Core.dll
Filesize
69KB

MD5
45fa4315c7631b828e2871db89b3df27

SHA1
f34f3a5344abbb67a21348be9eaeba7831c7333e

SHA256
e580ca9c0382a8663d6bdff6e53802bd73fa8a71689d7f38521ca02269775a58

SHA512
1dd74a83b0435674d61e0e752e3d671334970fd7d235203faf1791c67965eee2324a7dd18e03be575138d3c3639d106534a084c3f9a78d37ff4ff77ead4cfd96

Download Submit
C:\Users\Admin\AppData\Local\Temp\PcapDotNet.Core.dll
Filesize
69KB

MD5
45fa4315c7631b828e2871db89b3df27

SHA1
f34f3a5344abbb67a21348be9eaeba7831c7333e

SHA256
e580ca9c0382a8663d6bdff6e53802bd73fa8a71689d7f38521ca02269775a58

SHA512
1dd74a83b0435674d61e0e752e3d671334970fd7d235203faf1791c67965eee2324a7dd18e03be575138d3c3639d106534a084c3f9a78d37ff4ff77ead4cfd96

Download Submit
C:\Users\Admin\AppData\Local\Temp\PcapDotNet.Core.dll
Filesize
69KB

MD5
45fa4315c7631b828e2871db89b3df27

SHA1
f34f3a5344abbb67a21348be9eaeba7831c7333e

SHA256
e580ca9c0382a8663d6bdff6e53802bd73fa8a71689d7f38521ca02269775a58

SHA512
1dd74a83b0435674d61e0e752e3d671334970fd7d235203faf1791c67965eee2324a7dd18e03be575138d3c3639d106534a084c3f9a78d37ff4ff77ead4cfd96

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
06f8416156d3c8123b55df46e54c00c2

SHA1
0a4c62a897d9506244da34f6398624cb8eed8d9b

SHA256
f927867df6bb5975ea99a13b4053bd1fa8695dc62d272e5fcfd14a342f7a21e3

SHA512
f899168e2aad208d1a4dd3b872dc88a41f4b35411f66a9352e2f6ee48cb49935ae95e5a30fbcb7a97c07f3b68761b9d8b3c688295f0c82e38de827782cb95086

Download Submit
C:\Users\Admin\Downloads\PCPS.exe
Filesize
2.2MB

MD5
e13e98817bdd828257882148e843b96a

SHA1
9cddb3b591e519de6294627f2d23a5b813de4ae4

SHA256
f6799d8be5da27e1006c31d3d67b8481ffea74f7f07bba503dea51a2485ab3a8

SHA512
a77953c55d00a62c0e09fe2b182cd6e2e65bcd99f762c49c65baba1ce8a80401ea28e54d455c8c5fb95d030baea06b632b6fddfa0c6300a174781c5358f48181

Download Submit
C:\Users\Admin\Downloads\PCPS.exe
Filesize
2.2MB

MD5
e13e98817bdd828257882148e843b96a

SHA1
9cddb3b591e519de6294627f2d23a5b813de4ae4

SHA256
f6799d8be5da27e1006c31d3d67b8481ffea74f7f07bba503dea51a2485ab3a8

SHA512
a77953c55d00a62c0e09fe2b182cd6e2e65bcd99f762c49c65baba1ce8a80401ea28e54d455c8c5fb95d030baea06b632b6fddfa0c6300a174781c5358f48181

Download Submit
C:\Users\Admin\Downloads\PCPS.exe.crdownload
Filesize
2.2MB

MD5
e13e98817bdd828257882148e843b96a

SHA1
9cddb3b591e519de6294627f2d23a5b813de4ae4

SHA256
f6799d8be5da27e1006c31d3d67b8481ffea74f7f07bba503dea51a2485ab3a8

SHA512
a77953c55d00a62c0e09fe2b182cd6e2e65bcd99f762c49c65baba1ce8a80401ea28e54d455c8c5fb95d030baea06b632b6fddfa0c6300a174781c5358f48181

Download Submit
\??\pipe\LOCAL\crashpad_3188_VJBGXRCJTZMZZGQJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4784_HMNUMYACMCMZMJBJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3524-455-0x0000000005DB0000-0x0000000006354000-memory.dmp

Filesize
5.6MB

Download
memory/3524-456-0x0000000005630000-0x00000000056C2000-memory.dmp

Filesize
584KB

Download
memory/3524-454-0x00000000009E0000-0x0000000000C24000-memory.dmp

Filesize
2.3MB

Download