pandastealer | 09a846ea5ba6332a6b891658eba7626da595a04c34bb2a43d650a1ffdbcd08df

Analysis

max time kernel
537s
max time network
549s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2023 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CollectorStealer.zip
Size

2.0MB
MD5

d7451e31ff76dfca20ad7ff211b1d272
SHA1

1a3ecbe97af6d628163ce4fcd7e9d18668fa263a
SHA256

09a846ea5ba6332a6b891658eba7626da595a04c34bb2a43d650a1ffdbcd08df
SHA512

4175d698574506ef17bbd7d7a63723a0a1c0563d858ca7b083232aaa7bf13af15facdbf87b44bb010cdd973e2b5282f7d5d62766e8091b09eebdcc705ebb8aa0
SSDEEP

49152:130B9wcSzZaEs8aEWf5cgf1ey2C7BulzbulzmHw7E9aut:pcEs8aVf5cgtedQBqzbqzmHEE9/t

Score

10^/10

pandastealer persistence stealer

Malware Config

Signatures

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe

Checks SCSI registry key(s) 3 TTPs 39 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133438495474777437"	chrome.exe

Modifies registry class 32 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3125601242-331447593-1512828465-1000\{BEACB72B-B7A7-4790-997F-9D0319CC9F16}	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3125601242-331447593-1512828465-1000\{1C00643E-5FDD-414A-A34B-A4197D2C1D8E}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
4584	msedge.exe
4584	msedge.exe
1976	msedge.exe
1976	msedge.exe
5800	identity_helper.exe
5800	identity_helper.exe
852	taskmgr.exe
852	taskmgr.exe
1084	chrome.exe
1084	chrome.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
852	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5776	firefox.exe
5740	StartMenuExperienceHost.exe
420	SearchApp.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2676	2840	chrome.exe	114
PID 2840 wrote to memory of 2676	2840	chrome.exe	114
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 2152	2840	chrome.exe	115
PID 2840 wrote to memory of 3132	2840	chrome.exe	116
PID 2840 wrote to memory of 3132	2840	chrome.exe	116
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117
PID 2840 wrote to memory of 1760	2840	chrome.exe	117

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\CollectorStealer.zip
1⤵
PID:1896

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe03309758,0x7ffe03309768,0x7ffe03309778
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:2
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3244 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3376 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4936 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3780 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4720 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5288 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3280 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4928 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 --field-trial-handle=1892,i,15816338138283691390,15927787887914021012,131072 /prefetch:8
  2⤵
  PID:5788

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdff5446f8,0x7ffdff544708,0x7ffdff544718
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2420 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 /prefetch:8
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2424 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13202362114785028178,3279773102018477209,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5496

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:852

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5820
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5776.0.1459620307\288774683" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d752cb5d-4093-4733-8a2e-b98795860f3f} 5776 "\\.\pipe\gecko-crash-server-pipe.5776" 1968 2b9b83da258 gpu
    3⤵
    PID:4708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5776.1.103102576\110047199" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c22ad95-c70c-41c1-a8b7-a51f313c0258} 5776 "\\.\pipe\gecko-crash-server-pipe.5776" 2360 2b9abc73158 socket
    3⤵
    PID:2656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5776.2.573490233\605078353" -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 3164 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d20905d-334c-45d9-ade2-4aae0e979a55} 5776 "\\.\pipe\gecko-crash-server-pipe.5776" 3008 2b9bc6ace58 tab
    3⤵
    PID:4376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5776.3.1934694719\1925721665" -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad1fd882-4860-414e-892e-a3ae48f1aafd} 5776 "\\.\pipe\gecko-crash-server-pipe.5776" 3616 2b9abc75858 tab
    3⤵
    PID:5816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5776.4.445203929\2102102596" -childID 3 -isForBrowser -prefsHandle 3912 -prefMapHandle 3908 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af04441e-e391-4d03-b416-cb897fb0bdcf} 5776 "\\.\pipe\gecko-crash-server-pipe.5776" 3920 2b9abc65b58 tab
    3⤵
    PID:4956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5776.7.1107593890\951733116" -childID 6 -isForBrowser -prefsHandle 2832 -prefMapHandle 4320 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdb12f23-bb8b-44c1-b03d-029945b43ac2} 5776 "\\.\pipe\gecko-crash-server-pipe.5776" 5176 2b9be731558 tab
    3⤵
    PID:5968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5776.6.486778004\1588437596" -childID 5 -isForBrowser -prefsHandle 4948 -prefMapHandle 4912 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b4f0e0a-d92d-4c80-995d-d114c8e0143c} 5776 "\\.\pipe\gecko-crash-server-pipe.5776" 5048 2b9bd424058 tab
    3⤵
    PID:4540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5776.5.67357478\1127401289" -childID 4 -isForBrowser -prefsHandle 4964 -prefMapHandle 4888 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79e438f8-0e87-4aba-ba5b-20467e97e78c} 5776 "\\.\pipe\gecko-crash-server-pipe.5776" 5000 2b9bc7f1558 tab
    3⤵
    PID:4144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5776.8.579094992\2078947990" -childID 7 -isForBrowser -prefsHandle 5688 -prefMapHandle 5744 -prefsLen 26842 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1acb6e2-e572-45b6-8b14-7457567c5335} 5776 "\\.\pipe\gecko-crash-server-pipe.5776" 3800 2b9bea87458 tab
    3⤵
    PID:5164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5776.9.245815297\585908632" -childID 8 -isForBrowser -prefsHandle 3688 -prefMapHandle 4752 -prefsLen 27876 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edcf7e6f-a4a8-41c3-847d-1d9b6cf0edae} 5776 "\\.\pipe\gecko-crash-server-pipe.5776" 2836 2b9bcbcb258 tab
    3⤵
    PID:4292

C:\Users\Admin\Desktop\1012f81b764e19da221657cbf5c400063faef8f97d82ccc1c7b1bab0921aa85b.exe
"C:\Users\Admin\Desktop\1012f81b764e19da221657cbf5c400063faef8f97d82ccc1c7b1bab0921aa85b.exe"
1⤵
PID:5108

C:\Users\Admin\Desktop\7b92f03c104ecded53f06eb45ea31c6eec767fa328e571b79cbd804631f49b85.exe
"C:\Users\Admin\Desktop\7b92f03c104ecded53f06eb45ea31c6eec767fa328e571b79cbd804631f49b85.exe"
1⤵
PID:4980

C:\Users\Admin\Desktop\7b8253ce462a3a1f6efcb7a7d27b8320751e90db7afd4846545d8e823bb8953e.exe
"C:\Users\Admin\Desktop\7b8253ce462a3a1f6efcb7a7d27b8320751e90db7afd4846545d8e823bb8953e.exe"
1⤵
PID:5504

C:\Users\Admin\Desktop\431fd6d04bb3e1c1dfb5ffc096246c3321fd467a110433640823f9ea5c90751d.exe
"C:\Users\Admin\Desktop\431fd6d04bb3e1c1dfb5ffc096246c3321fd467a110433640823f9ea5c90751d.exe"
1⤵
PID:180

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\9b55a686ba73493380e2285d68b93a9f /t 3304 /p 3300
1⤵
PID:1092

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
PID:4356

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5740

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
448bdf2f2f66fbd5bcba30e1e57e46d5

SHA1
cb8fe9613fdc864e177206cf371fcd8463d5aef6

SHA256
50bfef91abff691de86b3310a9a4adf6510cb675bada5ea1ea9f2b6ee32c3bfc

SHA512
c5048c508013653919a0d2f322dbdcea6b88312a6d77ee45ba7cc35da96214ad138e0463251cb08df01091270d3df22e6cffc7f9b0ad613748dc450350c9ed13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
969f7f6f229d5f49515c5609f4cee061

SHA1
7c9d0d20e809f5d313fa5cbe3c0eb06303605dd1

SHA256
96684dcf51485bdeb79136046a4abe69f026eefe6984f77e6e81329a99fd64bf

SHA512
a9db54c1c133b11d5f3551fe7f92f4fa6837d76f4776b17327809dbcf9bcba93ed0de22f8b30260b9a8fe4a24050ae4b67c8cfc88693af71cbd504083050050a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
78fef2b64cf51382ae0cb616e3c6547f

SHA1
a63173cd462ecf3225660d88a091e6e8c07bfedd

SHA256
3525975993940f3f32af80abd5069457450b547b1a21540294763286ad4cac80

SHA512
10e8fd97bf15520f50d054c242f928577d7e32e020a66c084a8aed7470b12c837df98371166177daaacd9c32d8c0597a0e24ba561acb19d9c03599099b7360ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data

Filesize
46KB

MD5
8a629a7d84fdfd194ddad5fc946a6898

SHA1
2461d7d2a179b04df75dabe19fc8f0d32526a61f

SHA256
62eb81fa7a682387dbd0aa16a68d2086c2f5a12f47e6f7c15f1814a7ec0e5865

SHA512
325cec2416b0c29398daddac9b157b491b7ebf3b26dc61071de18e2e4646c586abe861519ecb69c74f3a8f5fde208a77a015abe2a9a93541720868368ee0adb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
32KB

MD5
7832c5db5178f01779e4ad081d3582bd

SHA1
3fc214354d5520c9bcf6d014585e324fa6729342

SHA256
83dd4698b652ff7334975952dea501390dc52af567a2b740eec92b3977526ad1

SHA512
f9895d0e2c69f659b915d40cc69b086761abad6e92cbeace3b44766260ad487b3c732da59b1d5df38ea92cff2f90aadb5d98347191ec4b69ef0cd6ce09137e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
23677d3a6f406be756271abff73c0085

SHA1
ac92b6c9553557027a840ae7dc224e8086959dbc

SHA256
671a7e37c524d1e71caee01d978128db4a9cfec3a9cf4d27f312199d374f478a

SHA512
2d1ab34de3be78e9b319c1bd46c2cd564a9a154bd060546df8da7d89e99533b0ec52f72e8c2f3cf9fc3d98fbfaf82e6dd1d0cb58c408c96d09a29cc8efb4df64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1490f5e5d11e035147bd10408948afac

SHA1
35a34de2844c5dbbcd06bff05d13d8f6103f603e

SHA256
62783670fe038c66ac57849049af7c08ac964e24786f1a400500f0e8503073e4

SHA512
dfe970a9f4204f082a7ae9e504bd4209199610792f3a95fdc6482f31245d9080040908ef3bd93dcdd15b97c30cb4104d6d8c3f4c7842cdb34514a6447691b5f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
4dc479b26773512345710f6d7bb9c770

SHA1
732c93fde68249e0d2861b4619628f46b2f0ec5a

SHA256
0b68b093b4e655409949e5a5d10926ef7b9e7c51e48e1e5cc3dc90a637a33bd1

SHA512
701e0b7bc62274a18519301608aaf0f62798d5f552fe69ff439a63a7aa5ba90cd80929cf855146851c737c035c9d4fbce7f9765b23dcfbba75dba3043cf48c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
53a2c7a71bc4f6d5ba855116493f59a6

SHA1
eddfc6c351de402a5d3d2f8294eb00a47706634a

SHA256
cac64155f4f923179f90605055d8d1e0ccd9c94b8fc9ce4e3993a3f363f65d3f

SHA512
96c9e3aeb48fe7cd765f304d7a5e1b2cf46f3432d666d2549e80bd1487a6db738ea1ae60a7d3cc901554bc1b7937c2b4e21b2118c26cca934dca3a0de82e33b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
fd0d7be36a9aff76b731a3d15dc9a90b

SHA1
865e2124f68fcc48d1d634b1412403c675708486

SHA256
256e3a7b1ddbb132c9eee8d2089c263e2e918189978afa965fdc0a0fef9ab6c6

SHA512
ed1f24c6078fa54e1f8a4540fcd91a385dd8bf5daddb84797e7fe51d66d90053a10bcd43bb4f130773ea61f0354b9576f8bc0524319567cae272fc4b7717063c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
eb86a3209d65e37984df5b3e2072ab97

SHA1
b3622c3548ec371fc2f6cf8379960d5f850b90a4

SHA256
895be21e4587cb01f9c57fad6006a02cf599c9e02d0c06073dec2cc519000f9b

SHA512
e7b4db7c1526c7d19552f2325471d8577ecf070b7d1a83c12668cb3179d15a7c79cb282e53e19ce97525960e842f6b30d1939029b604442976afdf31438c6529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
260ca25399456e9141a3be2d82976194

SHA1
47e4ac7065eb1237720d9d08cc4eee3959aa17d2

SHA256
1bc191a34d2f184ca5428f31b7df0b03bae1621ac1cf433a7d95a32bd69730db

SHA512
624fb4de0301e4e173b0826b62eb3b74599d75888aceb675fbcd034539eac2f64dfbc349e34ea4424d0a3b98106936bd7a192c57c1b5a167d0f7a56e0260e890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
947010f9a56c3165403cf6202bd987a8

SHA1
c8bcbf4f082f01bfcd1d0a2a7001101b3626aede

SHA256
d838f1a6649c8b249dd33d869f0beb671238654e92631f1cab0a41f1a11c906d

SHA512
d294547fc2b36fc27eef53ddfde0819dd77b1f93439e63653d5f414d206b28a81c3162f9c34bfdb854a825253b37a4bf9a6490dc459e6c4ffb1546609d644537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d6f6dd5f737155572cd9de00ec442ac5

SHA1
efdb6727a0fcacf3d5fcc30be417a0d03aaaaa75

SHA256
6251155fa141540f6ac6d03cb77468eca35477581620196b888de29e2fff563f

SHA512
0f97cc943adc656ba29e8da11c8335224fa0878fbe38e46b501d40f8640621be4b1e1332d7c590416836447c17082cb0018f731edbb5bdab65cee0ec93fcbdc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
edab5b124219754f1efdcbaf079fa93a

SHA1
8ec5f81f2067a4d5c4f377d2690c65bde2465c9c

SHA256
4523ba9e88ee81cbecf88e7a0aa7b1180c326ff456907f765b7cbb59d6d6d47c

SHA512
1388ece187e30e441a87cc3c605be1995fa55e0f7854d4d6f79655ceec82cacb5e6a3c961bd0603cd58d2ba84d8a9c3b59aa5f0b51ca54ba9b4fe7e95d026753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ee7aa2152fa79c8e3f9ac8a6110c539b

SHA1
cf3a4ae5b37d0676daec5c31c851f4dcba58b424

SHA256
7114f89a1ab128ac1eedd39f44412e261ce4ec2c93e09eb8c043fe17320bdf92

SHA512
1642abd354463e23bae79b95a4ad9cc3947af5eae6558f0940a83f569113de4762d14f12290e31930178d7ac58d88319a2a4f9b996a015bc170c76f3264e00d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
21c85b2267f4ac12660bdaf5e24a2daa

SHA1
44de4a05523afa14687cabc19bb347124a5dc1d1

SHA256
56bfebd1e7e7949c7c48195dd50ba7173776a62304a7e5b09ba503e73874e383

SHA512
7923dc5b2873a9fdfde19ce1b0aa807e1dfbf45e140fae977d17a501eff0e87cbf5d34b00eeec8fe69f6248c82e7a215d4b055c8718f26ea2897d3c153737c14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
86b236662c5e9bebefd5fecfc1189b6a

SHA1
9dd1c99b3c343c39c5f27bea3557d52e80571530

SHA256
dc592aad5de899ca4b371565d303fc1c9f066c199395a6aced8bc7124568b846

SHA512
86d2eddf9ee6067366b2f850e7f0966df7426e97598acd7cd5358ff5168a18461ebedf9df829b7c7062c18be346c3af7860a85de275ce98b1358a22e05d5956d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
f4b5b7628815c15964f10cb48ed74849

SHA1
cc6950d756376f35d4949ab8c9f37826230e6117

SHA256
5df1d2a5c27f6d420b56f7586dc74d6ffc2d0457643e45c899f6d84dc81b22f3

SHA512
6f06a2ed4d06f915f95bd58fd5d7e10526757641297b0c7380abf18878c3a0668f75d5c6439a19c1c6b2e674d48d99e53424617ebf69d2f51fc2392626af646f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
6ab045555a0e2871306890b06699f0af

SHA1
3cc2a44dda69f73a5f6ff092c9cdbbc2f02ae685

SHA256
18d7303fd59dcab6456769d83b3b3c631db359ba56f604095ab64c91e6cec10c

SHA512
adfa18576d3fb5939ce8281166ec011447e876515db0888bc817f45b4a2bbb22251006f85e4a82d33cb05d449627dc6f0f26cd18de827d265d1306bd3f9578a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
6ab045555a0e2871306890b06699f0af

SHA1
3cc2a44dda69f73a5f6ff092c9cdbbc2f02ae685

SHA256
18d7303fd59dcab6456769d83b3b3c631db359ba56f604095ab64c91e6cec10c

SHA512
adfa18576d3fb5939ce8281166ec011447e876515db0888bc817f45b4a2bbb22251006f85e4a82d33cb05d449627dc6f0f26cd18de827d265d1306bd3f9578a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
1a02f2ef2081f7b3832ceb987809ad96

SHA1
bb7cf569e7ee7035446c2c39214aaa623a09eea5

SHA256
e9fb759d03ec2041d692f9cd3b60082e29a22a3cd4b7386093371b36947764ba

SHA512
f0b79acd487ad38c666eb122e2a5b2806657a8dde39c483d32faa57c7bf6c913fdf46dbd8dc4487d10b2ccf080174d455411e7d6bcaed6ff6055a0e43029fcec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5c720b.TMP

Filesize
98KB

MD5
3ed2f119d408487a702b3c97ec84e923

SHA1
4ea2ce6397a5ffa1499e5d2fc4d4bba46c96ea0b

SHA256
ca832a08cd03389c563fb8c1022931222cbfe95988ad7980870b4f6b0c751fda

SHA512
50fd83ebb989a6b582f7c9f9ead53f5a77a2035ee1e7822761f5648d21316f8d36dfe3bef3d6f8359cda6105b87e0ff0a5f2fc8fa305ea4b382cb8d4cdcc0395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
99b0f1a93f8964e394a35898444b9929

SHA1
93eb2194d94933e69e25b1dc5eb0958e097d4c8d

SHA256
30f92ebd8af0cd83f5f7932e146811cbfbe1306307ca0c70a21e5f91644ac08b

SHA512
b7bd609cb629ba28b8439a177ec35742cc91c1a9cd53f791f2fbf00a182b0e52606cd0380c72b7f069287da2a29f8aa9ad33fe66c8b226630aa6c05b4928a0ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
3f5069387c6b47c6db07801546e856c9

SHA1
a6f9fbdbf388f67162beea1dcf6b98debed37e99

SHA256
fb09bfc485eb43f9ea6ee4e9c15e16ae609799133c3c95ae0daa79f0a8d90994

SHA512
f70c0345b7071d21e3dde3a2e5b4cf05816c67a76ee328eeef0439c312de87be7175728f113af959c1ed5dbb395f7b4eadd57b6a271080ad36345c54c1a3b79c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
7046e5e767a5919d10da7289b1120df6

SHA1
85a1e1baa8eb7a007ef76912911b6bc8f410b97a

SHA256
fd6fec24e79b68bb4e78efefdce074d5036cea0314eb90275a1d9feea70e77fc

SHA512
0cdd8e76f8e86e7c023cf95218169f3a16da9394b3e76438d2f9e49a412a38ebb3d471df7d805a90c412a93a7c40da937afaab0c400c05da6ae0fe7ee8dd34e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
f613ad30dbc019261f6b664f0cc3ff03

SHA1
acf3cb3a8086557f72b44569a9f2f84bbb3add5e

SHA256
0e5302771356c486601f1b3e69e8d33d51eb1aa5dde9f1b9d604b7c166b33d31

SHA512
14371ba343e4a3297162d43554ce1c4ce8a254e10fedab9f7dad9262f0fbd2184123e3c4a63c004107cdfec699a26afe5fe7fee939f69851086c7d2c060a7289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
08efea432adb2b00e3827ad24b0840ee

SHA1
87820499fa3269d057613dd5aaff2300376d12b4

SHA256
e2b0f0b7af808ca4f3c4607ce962d30c77b06dbe88de02de06d8068431d02cb1

SHA512
ba8f15692f437446c1ea94975d1b6d5888b279a2b9160c6dd0705d5eb2800aebd5f324ac37805f703ebe8d099dccbcabf08e820c05599953ed3e60037bfc7687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Filesize
48KB

MD5
c34d16b60f50a814d8efff22402dcb6b

SHA1
d466ba44df23234b06458f180a26a86b858b944e

SHA256
8959e966038db064c6a5fba6160968c11339823e58663c759de3f4de62ad3cee

SHA512
0fe6d1e3732b7dd76911aa0089f468a1a356d3d977002177fb7c812fb063a893a6c41f0c1c292a18dc726f5dc006b56cd5ff30f9636064fd34e27151f7714fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
998b30d7f27396ac715d4243e461e575

SHA1
1fea9f3c8730b6ffb356fe3c59c833728cfb7bed

SHA256
bb0a2dd7ad432e16364ff1252b5e3c54bf3a222f769a8ecbe6aa2416f6304a2e

SHA512
a0c3dd358bbe3c12471d2415bfe348b27861153c6e73a691d85a8d7aa7edfab137f5101e77b9550a5d767957704632623828e34780a69b78ba2d264b88c3e631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2faa94707292b60934d251bf076819a2

SHA1
1659577c0bf9b3aecf7daa9c4807181e12305b93

SHA256
0e58eab9a45a87ffc335e0efec06486ce5f65989013a964a07eef2bffd91d6f5

SHA512
38d4bfa92e5125f5b9d842b0b39e95f497ef356c622fff18740e7045798c4bc00477881ecfc513acf634b353488fc31e22379d83849cfa877d648ce30a5ee4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
98c7d0b2160356e4c07950b3ae8ff08b

SHA1
6cbf73d194e6c00c7ba4aaf58891665fb0f3ddb1

SHA256
e810a1982e9733bc3a07970018b847b117defc473802af3ede84abeebdf877ca

SHA512
a5c18319ced105552236eebaaec132659f0636026e94c9d1eb184e21354f7ffa8341d83f5232cd63468cc7dbc0aedf6cfcae80cf1120df8aa9887151f2874b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a82a5fe9a6cd1ec2e2ac6ad7dc9649e1

SHA1
5fa4cc2601ebdfcb78b82bf20f46583c696cf13c

SHA256
26ffdc2b7599a75b9a28f09b803ee16d749557e5bfa7efd58ede8d83712a9464

SHA512
c2d522a6d7a33b400d668181e3c040a82ebf8c28f0350380801192d321cdfda91e8785f898d177238b4970a0e331b347efb79741f512d4facd9e8dc33d816c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b42811fde5af1440e305a84f5939e24

SHA1
68bcf1878f8d970496159f9e3ac59c68dd1112f0

SHA256
c6d42b7383166c4d90beb035c022a01e5e39f3b1634ac4ca4de12afc7ee863f0

SHA512
cb164a083e705dc35563e573f467f734844b728f224837a23f08686e954f2a051e39437ef6cb8b623d34b106977c6974fa8eb52648ea38ea44aea7088cbd20e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22c30b946dcd3bd5eeb1eb255b7f16fc

SHA1
4f1a51e0baa8d133c830b4d753b17172b5c253ff

SHA256
3a75fb10f1b7fcdc5eb9b7448fa7f3aaa46fc311a4544dc3f9c0ff9d1961a8d1

SHA512
ee6b4afe418aad1e467c0f4df804a0e166acdaab1eef3bdf335c7a73d5a18125a4f22b889f4a8fe7028f7a61149909ba23cc5e0707ade794938615a30dd6aa0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5abf2b697e8dd5b84604867abd919ec0

SHA1
d08b6c0440cc9431d2453b8b7f739fb048e5220f

SHA256
06e20a313dec457f3e7550a4acfea70c3fd9c14dc0b85c78624d7e6e0da640de

SHA512
6ef231dee20b752512e8e8a1e2b61f28e4a732e8fdbb10797fce94da5a16374fffab493081c7fb83590056d0f3e868afe2e6aaef408223e56e1da5e277421156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
84fc0fd82949c650c9fdd6ef4fc15ddf

SHA1
9f797645f250ac8ba75374b0c2cdbc982ece35e0

SHA256
42ea1355bcc104ed7b9ee39d21a2139b0eb833ab85901de08dc758177363645c

SHA512
46211cd99bd56e11469dc632cf0a1471ce7b220ea0514b1fbbb8273e615e08ba46df987e55dfb46ed43628b88cf09dcbbfe5604867c316b9876126b9d4a858fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
10da09c154a7aeccf133f387663bf2ec

SHA1
c5d8842ce8bca04c3a70907ac2de4fa416614252

SHA256
d4c2a20ac6407aa1ca05afb2d4fad74fbe535c43ff3d85420d79da5564af7c4e

SHA512
04c22cbfa300a65aa7fe6fb38b67cfb72729633f870cb01f68fb20bc865020b51de32d3860ea8b43dff6c756cb5600f575d7777016d342fe6045b478e7916457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
0f387d12c20339c5234e2316d12a713c

SHA1
73b98b3d21511d06ea8abbf435ca9e54a8da4008

SHA256
77b41399d5a717abf94c6b71f61e5c8330c838e5e5bce326940a08b349dd8497

SHA512
46b0c761fa00ef24d349884b138762c7f5c769ffffe9b10fcfa46823bbe1cee80f3ec991af0cc46b8294fac872c89a6b2823f201a59798d41081b3da61d71b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c47de.TMP

Filesize
370B

MD5
d22ddc4a8beabc89d026d48267b9ee04

SHA1
3a50ff5676316ae185c6376a110b3a934a4b1aa3

SHA256
d9a95e4f65c4a2926a5164416e669c0ce0276432672788d9ebe44fadd0f41173

SHA512
e1c08006499b57faf0c9a961b2d8ea5b050bf56fea1e2dd1c06adc93cdceb0d3420a0caba8f6788a6ca77d273acfccb0c8b4a1042d72e33ec78d844b47c062a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
53e470fb6a07ee54bd6e7ef053bbfed3

SHA1
ea465a122d805fa33020e17142e9d0f5d7976645

SHA256
f12e3277030db04c85d8bdfe41dd32678ecadd255f51f478f347f9c285a8a0e7

SHA512
1f221e7be723e15b88792d10f486f679e216198a4199ba7089ff90de9624d281213204caf91b46cbe4090a093e76596b583abfeacc1439caa6fc5eca4e7ff21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f61adf8861d2674094ca8fc995adb63f

SHA1
913c998912b158bb36478f0f07410197b6f151d9

SHA256
92c6cae3ffd80b97b0c5dcb34116d7d9c6c01c3a48fe3a047e30285dec1cacd7

SHA512
e83dc9b9d4ee57c73696dfab1a1e2661e15d42dbde5ec7566442ed2c3d564bb2fbbe48d0e7b609d37a07a7c0f84544f48c0ae362833fd1f2b5085e98cc9ac244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
974bf2fcf8ccdf611ba89a4a1e9e7eba

SHA1
ace1499e34866755d90f8bc040e6f7219e5c9c20

SHA256
e907cdb1e4a2b08a3bdb7ed967dcf09bb7d9624966aab7e8a70b3cb1dfe6afa0

SHA512
2dfad320c7e53e879627c837b44a3333688d5a5eed35fe3114f126a2c130452d78928c7843f66e0556289d55507062e16078db5fcf514a02a720d56d3f8350ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
390fb0dcd67c42ac7ed508c1b8547502

SHA1
316696b1da0653e3f3abfa5fd8b66ccad164932a

SHA256
e0c71a9fd43fba76220ce5bfb79bd3a55d716cb6d1f4aefc8e911b613445f718

SHA512
3baecaeeffa52e4a13f1d62974373bc6eb0e53212612be1f4d0ca95d103a780746c3f0440a8970f30cde8a6d01824c79d3fc28f52acd3c1d24dd9d38ce54e0c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9d89fbef1f285a3460566d8fbe082651

SHA1
169bf1b6d26668cb17ab4366e8515332d6d94460

SHA256
c52b9d6c056810bb440a0748aac0012e6b36fc24ff691ec842f18560c533d0cf

SHA512
59bdc2325db2e3159d20a6c21ea086a8b14a1b1f8637ab0a9118d6221d4395719a68661d7114c89a1bdd91361a7774e319e6ef5607b85f2ba8e5840735505f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9d89fbef1f285a3460566d8fbe082651

SHA1
169bf1b6d26668cb17ab4366e8515332d6d94460

SHA256
c52b9d6c056810bb440a0748aac0012e6b36fc24ff691ec842f18560c533d0cf

SHA512
59bdc2325db2e3159d20a6c21ea086a8b14a1b1f8637ab0a9118d6221d4395719a68661d7114c89a1bdd91361a7774e319e6ef5607b85f2ba8e5840735505f28

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
5b30a8628392148c92582afd819d125b

SHA1
ea87731f61c5c5a531a31fe5a5e4007d92291d56

SHA256
589826af76635d3a5fa75eaa8788e8cc6026bc5c0a216d2486cc1c27edd0a6b6

SHA512
c2a3f12ad8038c26212dd9cada66386ee97440a0bc2f96ae78034b3815590803fcf71c7024f6379e75ab94a703809e733628b538fb4e8134890dbb17387dcf0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\cache2\entries\51D52D298316CD3F9A90A40E946BB34EFA1BFB72

Filesize
13KB

MD5
93f2aa53b4950c4f910b9ecae1826b62

SHA1
f4ccc6fc8f6657454e3f60893998ade3aae8da70

SHA256
e9f07f80982dd57880dd4ab5fd49cf755f00f218eee8665b635796439a7b56a1

SHA512
bd58b298faa0c0553af5c7b3a891f37f2aa24c968bf8ca9710f1c35538106b60e2fc879fe5807b049721d6f4e6e4a7bff5ec294ba817368345cf2d887d9d6575

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\cache2\entries\A77AF74A81B4E0E62CFC8F2BC0148D7B25E2940C

Filesize
43KB

MD5
070306d52694b00e004c75d8e9bc2242

SHA1
7eb779f385e6ee453eb7937bc002bfdc6686c50d

SHA256
0cfd0805eab545bbc09a788c111026bcec1e072abdd8b222bebb70089bfdab69

SHA512
244ad787ad7d03300680d5cdf2148523dd8b45d4f38ccf51f064313189fdf75825aeb2cf6c11d53b2908779df217eb00e67c48bbb99c75e8a2dadbf01801e837

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

Filesize
30KB

MD5
5a03fddf32cb222174249bfc44ef529a

SHA1
1dc181293f229acf90ee0079fe8e9d8ced67e4af

SHA256
818c0a93e3b1ec901f7e492c765e0889c9bbf1226baa603d721f3c208b1798ca

SHA512
76bd68576243ea63a8e30e124db70204140a11ed76fafdb0927c73fa4a65181eb605e1c0fc036fbe28789047782be7d4f772a8d33f75f11d01696a3007b619ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\ICMCSDGBWILIQSGLUUXNQ.MQMSJXHMOFMRXOKRCEJ

Filesize
90B

MD5
1ad730db9ca35dcde9c60ea2ce8c65c6

SHA1
bf40a63fbd2637f7b4bdb1bb5a3a23bc47fa9430

SHA256
bf08d4e69f651252745a88aa59da85cd67cc12e4b7ee4d1b695264ab16004917

SHA512
9b08cfda3573cda9b57f48429a9da89eac66c454ffa928f7f767853e23fbb9d816533b0a957c081a8f68b16964051132fc6b53167c12c0edbeb577a16c6aba7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\NEXEWRILCY.NYTJFQMCR

Filesize
28KB

MD5
f613ad30dbc019261f6b664f0cc3ff03

SHA1
acf3cb3a8086557f72b44569a9f2f84bbb3add5e

SHA256
0e5302771356c486601f1b3e69e8d33d51eb1aa5dde9f1b9d604b7c166b33d31

SHA512
14371ba343e4a3297162d43554ce1c4ce8a254e10fedab9f7dad9262f0fbd2184123e3c4a63c004107cdfec699a26afe5fe7fee939f69851086c7d2c060a7289

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\NEXEWRILCY.NYTJFQMCR

Filesize
46KB

MD5
8a629a7d84fdfd194ddad5fc946a6898

SHA1
2461d7d2a179b04df75dabe19fc8f0d32526a61f

SHA256
62eb81fa7a682387dbd0aa16a68d2086c2f5a12f47e6f7c15f1814a7ec0e5865

SHA512
325cec2416b0c29398daddac9b157b491b7ebf3b26dc61071de18e2e4646c586abe861519ecb69c74f3a8f5fde208a77a015abe2a9a93541720868368ee0adb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\NEXEWRILCY.NYTJFQMCR

Filesize
32KB

MD5
7832c5db5178f01779e4ad081d3582bd

SHA1
3fc214354d5520c9bcf6d014585e324fa6729342

SHA256
83dd4698b652ff7334975952dea501390dc52af567a2b740eec92b3977526ad1

SHA512
f9895d0e2c69f659b915d40cc69b086761abad6e92cbeace3b44766260ad487b3c732da59b1d5df38ea92cff2f90aadb5d98347191ec4b69ef0cd6ce09137e17

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\NVRIUBTKSD.MPPLBUJYK

Filesize
92KB

MD5
86b236662c5e9bebefd5fecfc1189b6a

SHA1
9dd1c99b3c343c39c5f27bea3557d52e80571530

SHA256
dc592aad5de899ca4b371565d303fc1c9f066c199395a6aced8bc7124568b846

SHA512
86d2eddf9ee6067366b2f850e7f0966df7426e97598acd7cd5358ff5168a18461ebedf9df829b7c7062c18be346c3af7860a85de275ce98b1358a22e05d5956d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\NVRIUBTKSD.MPPLBUJYK

Filesize
116KB

MD5
53e470fb6a07ee54bd6e7ef053bbfed3

SHA1
ea465a122d805fa33020e17142e9d0f5d7976645

SHA256
f12e3277030db04c85d8bdfe41dd32678ecadd255f51f478f347f9c285a8a0e7

SHA512
1f221e7be723e15b88792d10f486f679e216198a4199ba7089ff90de9624d281213204caf91b46cbe4090a093e76596b583abfeacc1439caa6fc5eca4e7ff21d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CollectorStealer.zip

Filesize
2.0MB

MD5
d7451e31ff76dfca20ad7ff211b1d272

SHA1
1a3ecbe97af6d628163ce4fcd7e9d18668fa263a

SHA256
09a846ea5ba6332a6b891658eba7626da595a04c34bb2a43d650a1ffdbcd08df

SHA512
4175d698574506ef17bbd7d7a63723a0a1c0563d858ca7b083232aaa7bf13af15facdbf87b44bb010cdd973e2b5282f7d5d62766e8091b09eebdcc705ebb8aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\cookies.sqlite

Filesize
512KB

MD5
247b6191a3c4f2ad3774eb1597ad7387

SHA1
f6b563673b90fa30a2ed102055c88967de1a8b2e

SHA256
9036b55502400ced8a6f58af059d0c0e09cb4a47cd6baea82dbcf7798925e5d0

SHA512
b4b8316af0a781493157708e09d6de72529d47456bd6093938463f4d648fa1eb797e190bff8811cef3ed94041a0e3c109c4f6f062a6ddd81dc3fd61184008b46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\prefs-1.js

Filesize
8KB

MD5
033d64d424da212d1e78e28803498852

SHA1
72c550c0c83632498fb81359486d221ee7e5eb91

SHA256
173ec48c91c8c2ec40d608c9ce90c63f0b9f62d3d7cf6940d4d290041cebd339

SHA512
4fa3ab992e19df2c54caf284f1ba2c0170bd95042d74021d1686ab5b9d0acee69afd9797dd73825536e4da4877c9874efd13c11734aecec9619726c26ddf4a04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\prefs-1.js

Filesize
7KB

MD5
121381675971640f1f250b9590eeb477

SHA1
408748fa98f42917662b0d4c694d75a32707b58d

SHA256
41a95e27a70ff92359d3cfa33caac544d0faf8c21e473a79da4cf65449571da6

SHA512
fe9d45fd3baf78d2f452ee644af77502d5f64c16cc3062d0134e69f57e708cd0d04d46ab86c471d55d4430cf9740c6dc769ee3e466a67aa1bf58ae8f2ede79c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
842f3e10f961d9d6b25e2fb16bd1459d

SHA1
fdb5f8d63ed08c2a1cd453cfa328065622496301

SHA256
9334a7da3b3972ce56d663f726af21c4b210d9bb025b492e49b7ed33a64d071a

SHA512
a5430a47b72d51d2a2f3688013f069b89e30df9b02347b85a5b6e2e92b0b9022eed2fce50a20e256ded9c3b9d515885d38e7c38928f0fc2982c5af71644a5df9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
51892ab76b7d714fb69cf115ed3d345b

SHA1
940f88be5ef45af0c94baf048235559a6c5aae81

SHA256
7fce7ff3f4fdf0f2beafff21eda4f63ab851f1091a573993605fee7bfeee8e46

SHA512
1c7ae92d1c3911aff0876b2a97a0b9d3be016845dd49a4637734185b7b3c469a20b880daf6d9516865789135a3aae7184f1ee7d09791daec20b8a44141d154cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
52971900acba79518288820f8aed3fad

SHA1
df65fe7ff5a2152bb2c5ebbd5f6db47b2286e714

SHA256
4f36fc902854f481aff4de154bb00be865e34ff71007a2be742bd4dde7327899

SHA512
01b7bce97c8ad7dea110e31a809ec5e19796b63346ee41f3434503641d99d19a7e0a12f62336410d4e5d50707784fb701652b4a5cea053f50c8a2dd12766b39c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
fc9ed4cb392cdeab83aad3ce6be7c281

SHA1
ad981230caf99e0a57e521b270c2901471141ea7

SHA256
e0d4efcbcc30b2a39f4482e94df78d1f97a23c633b9a63f33114c863d0a2ac30

SHA512
76994e64237a410217b765de8d4b63f42e4bc0019be1380b08905f3ffd97f49bb03818f15dcf8f90bef446f3c4765b97a0cc524541d0c46880b66ffa17e6d260

Download Submit
memory/420-1033-0x000002B133F00000-0x000002B133F20000-memory.dmp

Filesize
128KB

Download
memory/420-1039-0x000002B134370000-0x000002B134390000-memory.dmp

Filesize
128KB

Download
memory/420-1036-0x000002B133BB0000-0x000002B133BD0000-memory.dmp

Filesize
128KB

Download
memory/420-1180-0x000002A931200000-0x000002A932B2F000-memory.dmp

Filesize
25.2MB

Download
memory/420-1059-0x000002A931200000-0x000002A932B2F000-memory.dmp

Filesize
25.2MB

Download
memory/852-318-0x000001376ADB0000-0x000001376ADB1000-memory.dmp

Filesize
4KB

Download
memory/852-319-0x000001376ADB0000-0x000001376ADB1000-memory.dmp

Filesize
4KB

Download
memory/852-417-0x000001376ADB0000-0x000001376ADB1000-memory.dmp

Filesize
4KB

Download
memory/852-413-0x000001376ADB0000-0x000001376ADB1000-memory.dmp

Filesize
4KB

Download
memory/852-317-0x000001376ADB0000-0x000001376ADB1000-memory.dmp

Filesize
4KB

Download
memory/852-412-0x000001376ADB0000-0x000001376ADB1000-memory.dmp

Filesize
4KB

Download
memory/852-415-0x000001376ADB0000-0x000001376ADB1000-memory.dmp

Filesize
4KB

Download
memory/852-418-0x000001376ADB0000-0x000001376ADB1000-memory.dmp

Filesize
4KB

Download
memory/852-414-0x000001376ADB0000-0x000001376ADB1000-memory.dmp

Filesize
4KB

Download
memory/852-416-0x000001376ADB0000-0x000001376ADB1000-memory.dmp

Filesize
4KB

Download
memory/5108-1130-0x0000000000F70000-0x00000000010E8000-memory.dmp

Filesize
1.5MB

Download
memory/5108-1138-0x0000000005A80000-0x0000000005B1C000-memory.dmp

Filesize
624KB

Download
memory/5108-1164-0x00000000060E0000-0x0000000006684000-memory.dmp

Filesize
5.6MB

Download
memory/5108-1177-0x0000000005E10000-0x0000000005EA2000-memory.dmp

Filesize
584KB

Download
memory/5108-1179-0x00000000748D0000-0x0000000075080000-memory.dmp

Filesize
7.7MB

Download
memory/5108-1137-0x00000000748D0000-0x0000000075080000-memory.dmp

Filesize
7.7MB

Download