032185876f05ee92ea39feddce819321acb8c4600b5d580396a7e5e29fbc82de

Resubmissions

21-04-2024 04:55

240421-fklzqacb2s 8

27-02-2024 19:38

240227-yctzgahf54 8

Analysis

max time kernel
134s
max time network
135s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
27-02-2024 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pivot_v4-2.exe
Size

616KB
MD5

d3eefd47c4e9914b0628ce70eb8bc2d4
SHA1

e62be539433ebab0c86bd6838503fb7a8fed81a5
SHA256

032185876f05ee92ea39feddce819321acb8c4600b5d580396a7e5e29fbc82de
SHA512

5e6be0e425f38958b3a34a9e30ac41c68a90cb50b3f6a331e18864dbcd96c847f8455644d2cb22bb8eae662d35855ce1733093b3dae7cfd26c1a7cc83d7be4ce
SSDEEP

12288:1otU8AmKff8NWuJQnvv5Ehl3qRlWUFxuUN:1L8Am4f8NWuJQnH5Ehl3qlQUN

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
5648	pivot_v4-2.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133535363575015493"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pivotanimator.net\Total = "32"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{0AB9FF3F-2E04-41FA-9DC9-05E6CB9780 = "\\\\?\\Volume{AC3B6578-0000-0000-0000-D01200000000}\\Users\\Admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\pivot_v4-2.exe"	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "492"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "407"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0ba851d1b469da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "2434"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "5348"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "282"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "23"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{0AB9FF3F-2E04-41FA-9DC9-05E6CB9780 = 0114020000000000c0000000000000464c0000000114020000000000c00000000000004683000000200000001d2feae2b469da011d2feae2b469da011f56f1e2b469da01e8a209000000000001000000000000000000000000000000a10314001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800b0003100000000000000000010004d6963726f736f66742e4d6963726f736f6674456467655f3877656b796233643862627765007c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e004d006900630072006f0073006f006600740045006400670065005f003800770065006b00790062003300640038006200620077006500000034005c0031000000000000000000100054656d70537461746500440009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000540065006d00700053007400610074006500000018005c00310000000000000000001000446f776e6c6f61647300440009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000044006f0077006e006c006f00610064007300000018006a003200e8a209005b58209d20005049564f545f7e312e45584500004e0009000400efbe5b58209d5b58209d2e00000000000000000000000000000000000000000000000000e117fe007000690076006f0074005f00760034002d0032002e0065007800650000001c000000a40000001c000000010000001c0000003400000000000000a30000001800000003000000d407cb981000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e4d6963726f736f6674456467655f3877656b7962336438626277655c54656d7053746174655c446f776e6c6f6164735c7069766f745f76342d322e657865000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a0580000000000000063746a776e6978630000000000000000ec905bde08ee924e90f2f0c9845fa235781e65a99bd0ee11a294fadc4285793eec905bde08ee924e90f2f0c9845fa235781e65a99bd0ee11a294fadc4285793ed2000000090000a08d00000031535053e28a5846bc4c3843bbfc139326986dce7100000004000000001f0000002f00000053002d0031002d0035002d00320031002d0033003200380031003900310033003400300030002d0031003400390034003300310033003500370030002d0032003300320031003500310035003600380034002d00310030003000300000000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d00000068000000004800000078653bac000000000000d01200000000000000000000000000000000	browser_broker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 70024935e769da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5ca4e9cfb469da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.pivotanimator.net	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "1310"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pivotanimator.net\NumberOfSu = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "2434"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "288"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "1520"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "492"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "20721"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "400"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "20753"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.pivotanimator.net\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000002b3ba55243596f9de51a54c7cc814c525b491fe1a7fe6288d0ba93ae54f27d62d307fa234893c515eb8cd3f36589f7a6d4fc34b374a984660a21	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "19656"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = c0d0fde4b469da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "1411"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "115"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "2522"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "2522"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "19738"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{0AB9FF3F-2E04-41FA-9DC9-05E6CB9780 = 18d0bbe3b469da01	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\pivot_v4-2.exe.0wt4xc5.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
2076	MicrosoftEdgeCP.exe
2076	MicrosoftEdgeCP.exe
2076	MicrosoftEdgeCP.exe
2076	MicrosoftEdgeCP.exe
2076	MicrosoftEdgeCP.exe
2076	MicrosoftEdgeCP.exe
2076	MicrosoftEdgeCP.exe
2076	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3008	pivot_v4-2.exe
Token: SeShutdownPrivilege	3008	pivot_v4-2.exe
Token: SeCreatePagefilePrivilege	3008	pivot_v4-2.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3008	MicrosoftEdge.exe
2076	MicrosoftEdgeCP.exe
5060	MicrosoftEdgeCP.exe
1444	MicrosoftEdgeCP.exe
2076	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 436	4908	chrome.exe	78
PID 4908 wrote to memory of 436	4908	chrome.exe	78
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 1472	4908	chrome.exe	84
PID 4908 wrote to memory of 4972	4908	chrome.exe	80
PID 4908 wrote to memory of 4972	4908	chrome.exe	80
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81
PID 4908 wrote to memory of 2024	4908	chrome.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\pivot_v4-2.exe
"C:\Users\Admin\AppData\Local\Temp\pivot_v4-2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xb0,0xd8,0x7ffa8ef49758,0x7ffa8ef49768,0x7ffa8ef49778
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1788,i,1806058271986871822,3469085761111174746,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1788,i,1806058271986871822,3469085761111174746,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1788,i,1806058271986871822,3469085761111174746,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1788,i,1806058271986871822,3469085761111174746,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1788,i,1806058271986871822,3469085761111174746,131072 /prefetch:2
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4000 --field-trial-handle=1788,i,1806058271986871822,3469085761111174746,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1788,i,1806058271986871822,3469085761111174746,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1788,i,1806058271986871822,3469085761111174746,131072 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3440
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff63d287688,0x7ff63d287698,0x7ff63d2876a8
    3⤵
    PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4972 --field-trial-handle=1788,i,1806058271986871822,3469085761111174746,131072 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4964 --field-trial-handle=1788,i,1806058271986871822,3469085761111174746,131072 /prefetch:1
  2⤵
  PID:4576

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:688

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
PID:3540
- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\pivot_v4-2.exe
  "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\pivot_v4-2.exe"
  2⤵
  - Executes dropped EXE
  PID:5648

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1276

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3172

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4548

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8c761b0e6c1e2bfc75ba122bb9273ffa

SHA1
3a3a8bbd133bfbb792105340b2472bcb83b1be43

SHA256
42320309885e2d254e9b6614068cd0360a5ddd42d29b6a7b680cb88ed26e014f

SHA512
ac7027fbd220a372d35728491dd89a51ca009fbc9e66ec260be6a4ffbb272650f396630ef9fd5092006424c6f836baf2d02bb73177c00a0084af6f1a5231819e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fdf85cf259cfeed53d96ade70dd4492d

SHA1
c7e6eb2cc4537e128c42d3f08c836407596f274b

SHA256
1e047374cc7fe5874cd59d9bd418e55ae27834a11c31080d6ee4acacbff95fc8

SHA512
f0d99feea418b230c897fcdfe70b2f9bf6545bf5e1bbc138d7d0aebba530e6d9793067548372103cdb424e895fe8a944aa6d8efbc3e0da5b9213928e6981d0ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
24e89c260bce878d7d5d8ac99737128b

SHA1
57a9d50fd89c91bc4b5d081e8f1dba61c7dd1f4a

SHA256
4a9401e8a2031d8c5be7d55909654fc6a8a2841216c50c17aa2b3bc9062459bd

SHA512
44a76060c4aca480554180a1734036672dbe8c93648ade75a810fdfca00e7a0684dfc288b7ff435f095eb76f0c1ac42c345e14e08febb0dd46ace17331ec9922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
99c4fd87ece25a0597d7b89a48ef4b77

SHA1
518dc5b917535560d2b934afd32cc8bdd605a8c3

SHA256
7bdd7ef51af2fe8b78aaa24e620cef6a2c44f4bf4b026522c292dd15aee22188

SHA512
03bc48f15c18203f891e5e5c905a5f6cb30ca392e82b364bcc5520cad11fd54f1c721bd5670c9b6d384e6a29ae5d32d58c8027d88b28c21c31b53186230a10f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44c40d2d9d48aefc79b1d3fe0270b385

SHA1
a145064d48711d6f43de83d27cd8f17c516d5f73

SHA256
4f8aea999bd2be8b1381c4903277e33f4394b9a139e08a9341c43609806fd61d

SHA512
10bce09a6a8ca387293610250979a76b9782890b7414770f435352be293a890ed1d0078b111f8ace2dd17aa39aa951bb302e3006ee8b8d2a2d12322abf891889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a1236855abf9579213672745c044d2f

SHA1
e30ef89e04b8d73451836363d87ae8ca33c1df6e

SHA256
ca5d80012fe90db9a96cfee878bfd7469a8a97d57d599595ebece2a6ff97fca7

SHA512
afe7a91dadb4c0708d220e6fa44e47f1cecfb1bb0b0fd23a3f4e335afd6cc7405f325f77c6eeb640bf5f6307bcce81baa777aa41f2967085efcea0976933ebe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
94a4a854d1f428db93bd4d0935a92a4d

SHA1
55dc7915fdc163d3151f93fa83b0b29ab217a76c

SHA256
e41af969d5b4b2b9d7fb9e7da02363008b08e9e0c3819fa1f9c47278ee3fd052

SHA512
874660101c8b35814ded8a8dd7264989432039aedd03fabbeb5c86dea71a531f10eb46109f13ba18dd32979f152dc4ae9f7c0293712f19b5c99b67e905fd0700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
cd7e25c01d4be363e3d52d4e01ad0877

SHA1
d963b159da42e07931876c318e2bac9b3043a77d

SHA256
7f3968455db8bcbaa13994cd2d85b7f905b95d6153710e2e3efc14d12be96dd2

SHA512
cfaba27a30a541741bf812400fbb7b07118efe3be92c7d96f9a37327ba45f690f5722cbddcc0c7f48e185a8807ae6c80e5cbb9f31091978011c160383d3c5524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
187KB

MD5
ec8fec4be77dae09b8586052d9c6386b

SHA1
dc30f5c53db8975c951c10f6b323e0dba1d9c687

SHA256
5c451133d2bb81c874ca431840d98bc7f90dc6a07f0da1f497405083fe8c06c1

SHA512
8a93116292b5a48852e8389b989efb1dc533d9001109c380c2660045fd013e28a8c3399c79fd656d4f5eba03dba55ef508c4e28a081f47191f17136e2ef0a098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c07ed394c955732dc46c4c88c1c165da

SHA1
7ec540aba09ca620de4fee0c869c2e5f9b93082e

SHA256
b9907f1698a6c82e633b25b2b163403f7b0aeaf0fe489b6b6613961af0645b08

SHA512
07a8278e74fc9daa797a2224defb821415cf70d9fdefb90d0235561cfcac1239ab1df92427609f6430bb8e07261ccdcea395ee197874999e91e730fa288ec912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZP3JQEV6\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0P297YD3\base[1].js

Filesize
2.4MB

MD5
af9928d078e65ac2466a6780eaed24ff

SHA1
383c98bc57d94f27d5ba0e46e3c9ef4bb5715e22

SHA256
15f1f8471814709883bf18354f6fecce1cd4767abf718435c775c9c3fe45ffd0

SHA512
9171850dff0e2a9c4a6a4bfe6fbd7c78b7daba461cace69dc80af4cfa1442d27a9861034c4a0262be4cc8067b9d7206cb9ab5064f52ccf594735d2f224e0dcda

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0P297YD3\bootstrap.min[1].css

Filesize
118KB

MD5
2f624089c65f12185e79925bc5a7fc42

SHA1
8eb176c70b9cfa6871b76d6dc98fb526e7e9b3de

SHA256
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

SHA512
9cda3ec821c4ca7d2c98cc52b309dffce9d7ebf2b026e65394d6418dab8a8532b473ecd3faae49382c7450585743aac947d8e0e84b3c80fb83dae65c6032ea4b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0P297YD3\bootstrap.min[1].js

Filesize
36KB

MD5
c5b5b2fa19bd66ff23211d9f844e0131

SHA1
791aa054a026bddc0de92bad6cf7a1c6e73713d5

SHA256
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

SHA512
d9ef2aab411371f5912381c9073422037528c8593ab5b3721bea926880592f25bd5dfdec5991cdfe5c5ef5f4e1d54e390e93dfd3bca3f782ac5071d67b8624d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0P297YD3\mulvane[1].js

Filesize
1KB

MD5
394c510a598279890765749c9cee3930

SHA1
9df117dd5d2b4b0ac64a3f1e562c847ab3f68e7f

SHA256
d9af49c10c5a8062e5fde477550c3669bdbd09fc5b9d6eee319e808740744e7d

SHA512
6a22a17645040c1c25eb9288f95e3849daba1159d4b09ff5f1d85381d93081d235b6f0546bcfcb686828f1f3657696542dcfc7f6817299110c26edf7e8b1c029

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0P297YD3\pivot_v4-2[1].exe

Filesize
616KB

MD5
d3eefd47c4e9914b0628ce70eb8bc2d4

SHA1
e62be539433ebab0c86bd6838503fb7a8fed81a5

SHA256
032185876f05ee92ea39feddce819321acb8c4600b5d580396a7e5e29fbc82de

SHA512
5e6be0e425f38958b3a34a9e30ac41c68a90cb50b3f6a331e18864dbcd96c847f8455644d2cb22bb8eae662d35855ce1733093b3dae7cfd26c1a7cc83d7be4ce

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0P297YD3\remote[1].js

Filesize
117KB

MD5
b0de3eb2860ff9cc999b6c20f93a22ec

SHA1
d656bc08836ca23ba90260ab6e1a69699172e963

SHA256
c130d17ba288783743893138d66421b2c79b5fb13d1963851174b21517dd21fe

SHA512
6f5d9fbac35cc5360c0c59fb0ca6bf15ed3578a11964936e7f28de7d04d5492532ad19ec5911a406bdf9e89002b36dece14c12a8f19b3bac0643d00daf2b546b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0P297YD3\vista[1].js

Filesize
1KB

MD5
e2b7b241b452315e99f029fe0cea92dc

SHA1
de8c84e7ad58a0af30e61a5ab3a24fdc25d6e8e0

SHA256
4559f063977072488f6dd2c96ff11fa2dbfc62c9e26d1b8c2c80c48a85964ecc

SHA512
07f02841aeeaef915959e55fdf53c9d12c3e88896e59b60feaabd588c5521a590ac7762807a99a10280c41a8630849e7687ee88030082ab833dfda49ef8494b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0P297YD3\wichita[1].js

Filesize
2KB

MD5
5400d57d3c99621a705f935a7f03be29

SHA1
b1bebf7179d6fbcf789eae5bbe363e0e25245669

SHA256
1d7a77f24fc31abf310ccb240b2e0a49f2582823f990eef11a3abc37f286ea12

SHA512
518ff77ff1e97290737da1b3182be21836eacd863c797138c8e1400801242d20040fd2dc92c50cb067aca0ea25a0bf1ebca557007977988743bc3859d05ae372

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3GV6YCG0\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3GV6YCG0\KFOmCnqEu92Fr1Mu4mxK[1].woff2

Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3GV6YCG0\Y26LIcmRz0EdnBtSjtN2P4pbrp4.br[1].js

Filesize
7KB

MD5
b3ca28114670633e5b171b5360bb1696

SHA1
683f2fb3d4b386753c1f1a96ede3ca08547f0e02

SHA256
a8b7da1f71211278c07582aef2f3f2335b7de5076e5708db6e868ee6cd850490

SHA512
bf71ac8f59653b8035c1fb8555b53371610ae96c1a31e7bee02b75deb8e46c68b46a29dae360c579bcf9ab051f5218edbd075567b99a9fb894e7c50251676677

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3GV6YCG0\abilene[1].js

Filesize
6KB

MD5
ee217930afee2722d26f490a10c68905

SHA1
3d747cc56565ed4ad0aefa39d2374d9ec92599c1

SHA256
c937400edb14ee9964073e72d1e9629d3bf554101b9914dd5d48abf15f7157ab

SHA512
edf56ee0e47ce4a8ee31b315d2aef0e0e75d0e98ff70a1d3cf61aeec60a0ed6aedacfc3c11c0c94f08629d814a8eb41e97fcce0915266d213cf8b119ab1b1d58

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3GV6YCG0\boise[1].js

Filesize
811B

MD5
e642dc932d5678bcf6d7fbcf314cc70d

SHA1
590f752acd9869c16eaabc153a6030bc2eb3e3c0

SHA256
092955f521559093671a2302925cf7e43be3c9c36a2f4c32a35c4d910feb6984

SHA512
84e51594193c13e5afe18a19955c27a01984dc04652cfc18582032acfba6206b6876e46b0b2cb1fd1fbc491bbc6b900fa2add1f587969964439616bd993241e4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3GV6YCG0\et[1].js

Filesize
1KB

MD5
008399b5bf32f666787fb5e562f32e18

SHA1
165110d142f2e2d00d6f41ed206c5f3fc0ccd9d3

SHA256
2c34f09169d2a10e8f5863960e81575ab70f88b52f4bd3386ce5e41e73a94487

SHA512
f606c7c29c1fe4d9a5e9c11a6716f685122be93b14e8a69e31cde2bd9b23a9d0d06fbb05a7ca66f7733c668df4acd10e10a244eebfa5a2db0704955ae6cd1214

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3GV6YCG0\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

Filesize
289B

MD5
9085e17b6172d9fc7b7373762c3d6e74

SHA1
dab3ca26ec7a8426f034113afa2123edfaa32a76

SHA256
586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

SHA512
b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3GV6YCG0\fontawesome-webfont[1].woff2

Filesize
65KB

MD5
db812d8a70a4e88e888744c1c9a27e89

SHA1
638c652d623280a58144f93e7b552c66d1667a11

SHA256
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

SHA512
17222f02957b3335849e3fe277b17c21c4aaf0c76cd3da01a4ca39c035629695d29645913865b78e097066492f9cee5618af5159560363d2723bed7c3b9cf2a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3GV6YCG0\glyphicons-halflings-regular[1].woff2

Filesize
17KB

MD5
448c34a56d699c29117adc64c43affeb

SHA1
ca35b697d99cae4d1b60f2d60fcd37771987eb07

SHA256
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

SHA512
3811804f56ec3c82f0bef35de0a9250e546a1e357fb59e2784f610d638fec355a27b480e3f796243c0e3d3743be3eadda8f9064c2b5b49577e16b7e40efcdb83

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3GV6YCG0\jquery.min[1].js

Filesize
93KB

MD5
f03e5a3bf534f4a738bc350631fd05bd

SHA1
37b1db88b57438f1072a8ebc7559c909c9d3a682

SHA256
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

SHA512
8eeeaefb86cf5f9d09426814f7b60e1805e644cac3f5ab382c4d393dd0b7ab272c1909a31a57e6d38d5acf207555f097a64a6dd62f60a97093e97bb184126d2a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPADNA2N\chanute[1].js

Filesize
21KB

MD5
84a3496289ece71b339ecd24a76c9a56

SHA1
0aa9386788c79ca2b40f4e613d578059424f7d47

SHA256
8cb6666ac5ca730743eb9537dfb26940c88ffcbf6965a5122760a9d1e46a1503

SHA512
da630e7e1740549bc7d379ab03843ee88501067c28edd868e8cfc6381548fef2a1165766a424be073329b7ee249d825780a48bd35913d00a536a94813ffeaf1e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPADNA2N\drake[1].js

Filesize
4KB

MD5
0e769c2f187d138a4ad480e3daa6bf28

SHA1
cfd56dddbc91e38537f7a8b61876a16947cec7f9

SHA256
8e2e9642ce4893f96c168bd664e248170d5de361db3ae3a0280089d72b29dd20

SHA512
25c5b7da81e372c344a61253dc887b335cf85f056c161b131526b9102791e30455f53d8d3f79a7b44f7a0380d80e4954f6d15b6541f7c69f00d12e196ffe2296

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPADNA2N\embed[1].js

Filesize
53KB

MD5
accf56537b5a2356b4ea5ce0e38d8e99

SHA1
ab29b61ffd838a9ab650b22c754b38413454da8a

SHA256
826c81e300cdcb6a7e48b1a35038b6209eceb6a552eef51e66b0f131dd1cd06e

SHA512
528dd0845bfb9ac4ed6130ffe3b4723953312891b026f1dfb319c2a3e1dc495f36af27ef7974c55a60e751df4d73165810e80344d27a268c6ee9aff694538273

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPADNA2N\jellyfish[1].js

Filesize
36KB

MD5
ddfc2eb37638456ca286779c97dfc1bd

SHA1
e0c5d62fe1978587942a33761e00a3464fbd195f

SHA256
dab2243d88112f5900a8e0cf9c23ee92c5377b2b3e970a78873dbdde34570210

SHA512
db9f72529a7db68794f4bc5ae65d7f12dc579a9068395489dc9341abdef3d1713b63a965766825169ebcd27d6a480ca286022db51e2f6844a8ce14968d3758dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPADNA2N\olathe[1].js

Filesize
2KB

MD5
faa3dc34ed61d26bbc6a940b6f80ba00

SHA1
6701cbf47c411335787ee747fc570e7fda5dd1df

SHA256
037d14ce96f27706386c4475d17d7e4e448247ad61aa33b8328d4968bb83234e

SHA512
e7acbb9ab4338de0bb7fe484c632a96e7280b1520e2f31d5e55846f850c285d72314e6d1eb3336f92780c8413b1fabdefc3892fce1155effd0ee4afea91d538e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPADNA2N\pivotstyle[1].css

Filesize
4KB

MD5
5f692c4ee28c747397dd96a310a876c9

SHA1
1011630f9782068c3ad163fc642571646853db4d

SHA256
b6ac10140fb86959e5c689636936e80eea0b82d081e1f4ca0d877172d32774a8

SHA512
2b89e5aa396b979565dbb7a7cb66825ee98e48cb8697a349846d2ff1116eee1671cc750e74eae8b5fba6f959362070817fd3dd663a1c2f807584e2ad0f27112a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPADNA2N\raleigh[1].js

Filesize
1KB

MD5
42639702af49d736558389d95dd4790a

SHA1
6deb088e5b413a086dd9a911a1661da38c006df1

SHA256
9fba7686001b516b0414bef328255eca729f278c1d14d324c8567733426439a5

SHA512
bb5f49ae5068b386d546295993b5e251fde7524009ab7c56bd81973de67c6717cdfee6525eb344503577e53ad0d4e44ccd45d936693a01049a4e538d01c242c6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPADNA2N\vitals[1].js

Filesize
7KB

MD5
68b6c9114fdc8213a06644b0092869bf

SHA1
5b9d47602bbacff5c9268edf50780801a06acd3e

SHA256
4b894147b763542f6c62b74227307d03261af5237a0cd149141af6066a28fec6

SHA512
a1c9bba3fa00981b9443e5bd20556b14422d4ca1f123782b05727d1703aa53e87d9964943ae4a8c0b3be8681a447fadffbfea475635f0f0b504d522ee342a86b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O8OFVRQ1\cmp[1].js

Filesize
145KB

MD5
8860f28aa4dad53422ad2dc095daab54

SHA1
fd5f6ff97bf5b2d197b7612d502be6afd0fdd3cd

SHA256
7cea22e9d80f22071ae8bee9a188f5b88865c96df5ac415e59d96487aeecb1af

SHA512
dfa0c677f6311c561edc63dd1258c70f1cd2eb22f664e4084932f8a3b6865b2a02483b7cf4c0dab74b2fa1cb5d58ba04392e04a903494c1ff8f06c1656c38ace

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O8OFVRQ1\font-awesome.min[1].css

Filesize
26KB

MD5
4fbd15cb6047af93373f4f895639c8bf

SHA1
12d6861075de8e293265ff6ff03b1f3adcb44c76

SHA256
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

SHA512
f8be32cba15170319b5c9f663c6f0c4ffdd4083cf047d80f7b214d302b489eca25fbee66ddb9366d758a7598efc9b9a886b02c9f751ae71f207cb9db1356243a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O8OFVRQ1\tcf2_stub[1].js

Filesize
1KB

MD5
2077ac96432bf99cc1ea7ca15161d605

SHA1
ea356f246f2255a9ad45d96df40a6ee21dafb4f5

SHA256
86e721bb96c71af08a282151a6246606d325447fc603947cffb628265d7509be

SHA512
03a8b201ff8c7a90c11ef2416cbbe75c5fa3a07b230c1fb04610613118aaa37da927a93814e9aee7490bc31f5cb4110b091b4aac4f18e61cbda5e8b5679a85f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O8OFVRQ1\v[1].js

Filesize
4KB

MD5
a176712d86f0fc7ff23fa06d5f148852

SHA1
25c789d6fa062fbffbef65b2f248cdeaeb6ec60a

SHA256
7bffb76937a38acff4496bfb0654023f5da30997ddd80c84fb0286af1a8be303

SHA512
b6c4358fe32bf1901dacc4c6889ca2203d1f902234257e60bca0ceb6d06bb24561ba8b87048547d2c56ee9521dd41a6d4ab98d82c4eb1fda1e72ad8814c75868

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O8OFVRQ1\www-embed-player[1].js

Filesize
319KB

MD5
e9ed29de4d74816cf7566799efbdc4c7

SHA1
12e4b6be07f08a33aa3e676a5e0ee33598ab8885

SHA256
55014dbf69631ed5825be787f9c494ca876a9504a85a82fd32806bfe724be1c2

SHA512
2d1f44ebe548e5f6da0845302871e0bdb76386efcf155df12a74491894bf6329d7b4ee423106337e2c5eb77327d43ecd70a4183ad25ac0cf7ec7790dd0b8c9f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\OG60X3DO\www.youtube[1].xml

Filesize
229B

MD5
6a567ed77f9cfc4ec599a210a232351b

SHA1
165fd8a31e6b0f0019feeaf9fbba7f6c41ba4269

SHA256
3a5f4102fc72810c689d172f4c0d44e3bf3db02a3b67f889dbf4aa1f5b036537

SHA512
f774188ae3456ae02623ae92a088bf935b7f3c555986358c2ada6c8a06ea5a3e2ae6770bdc5c454044b02531e6f63b10c17cd87e0bbc6dd2116076a54982fce9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\OG60X3DO\www.youtube[1].xml

Filesize
8KB

MD5
b263509a63ab89b985627257eae2c557

SHA1
7ff6bd289fb5351d3bf514cd780b5693b0e2d675

SHA256
dd37edd6526d754595eba952be11fd6168338289bb0edc52c628094fa5df19f8

SHA512
9a5ef84a9264ee7f660cfc88d371c39101380713e7b5e558eb9f14259e9ace792b0d83d509ded7e3e8d10a2cce7b1c14f581b8fa37b4341f5245af3a52a01738

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\OG60X3DO\www.youtube[1].xml

Filesize
11KB

MD5
445563f9eed762f57d33b18f3dd39834

SHA1
3c04dadd906ebe6a07ad03f80bfe0af38b878ac8

SHA256
73fb827a87cf0fd5b2c4f704a586c9de8caa9507b7390df34bf2001c82dabd25

SHA512
2ca142a372778d7d223e8c1c32c781c3831d5ea3abf2f87c9e118a7850bbaeca942d846e9294c48339ef4aa0a154f9921c2ce0d2b83ff94cc8aa0beec68b7579

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\OG60X3DO\www.youtube[1].xml

Filesize
578B

MD5
df2dc96acabd03d21dad6cb4ac3535d4

SHA1
54ec6e26e99439f57b57d312347993df3ec2633b

SHA256
e9d16cf42469037f7025c60efb58633d9d02c77412634f52a7056d8048c5c4c3

SHA512
59eeea914af6f3cc6135e0e6ca61824fa4d94a49e4723559fb7e5639668fae571e2b98e40ae1f27334ee11e50fafc0ff9f1cc346f88208c2b11b0053658461c4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\OG60X3DO\www.youtube[1].xml

Filesize
990B

MD5
2c0a7856fa457237d7f1f9a6db9285b7

SHA1
af193afb06ba61f23343c660ede0ecb3e2d8e4b5

SHA256
1b9711896dc5fefcb0e8126fcbda81dd181437df6056846d2f450761eb33f639

SHA512
87d9505f1f5278ebf7f2ad28cc13d68f21de3173ddc99e9290a42317de0348598c4c201cadea6ebed53aba60884e77be63b259ac862003875cad5edf917807f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\OG60X3DO\www.youtube[1].xml

Filesize
17KB

MD5
3d76bcb8a07d754a2900489b36d966b7

SHA1
0838d089a7c9681c152001acbe810d336baf90b7

SHA256
a189e11e53c26f4ad270198430b563f59c88841601dbc1d0244bc0773d9d73fe

SHA512
ccf2baa3b20ddb8b3623bef7ed20e0356bd08bd253d5b4909758ac3472000d1d42b0fd71f7c5b5b5306b3cf8d1096bf2f5424f4957a11d591fdaf7d862669a34

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\OG60X3DO\www.youtube[1].xml

Filesize
28KB

MD5
5baf8efa88bb23dcb0b29831f8f7a2b2

SHA1
2533e631190283661568f2152f4fe47d04b3a84f

SHA256
0c1f18a877212a020ac77958f0744d87cb42093a4f9920ee8bd36a2d719563cb

SHA512
d27b9881a347d01ac3805cb9f968f9a7bcf7785b63c7599f8fed9c906fa4fcd90de081430195acc0c7c23bb9e6ca582326c554b332a76504f11601a61aeb544d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\OG60X3DO\www.youtube[1].xml

Filesize
29KB

MD5
4991bcf2d931a12fbd3b030ea910bd05

SHA1
2e2e5d7d8162e74c1d026356876a43cdf42a0299

SHA256
a70ff1a9d3d34d341054c7f2bab6eeb2b77c9f18a12988a52d53c32c0f5adf6f

SHA512
84800fc9873b1c6351764ada46e6bbbd378edafb0c09651ddf8ea31452f7b23aa0053e908aceafb761ecebf2bbf016b682c1d5fdb2737ff819114f3f6f462507

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\OYVGC209\www.pivotanimator[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4JGF4SJL\favicon-trans-bg-blue-mg[1].ico

Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PNIJKUJ4\icon_pivot[1].png

Filesize
767B

MD5
09d1831b362fde94747e2bbb8e8cf4ae

SHA1
0224c4592609f63af81d972aa499b53a7fd1186d

SHA256
a42d1ce2b15f2b8779bde5654ecc728f531cceaaf903645b4cee8a340f75b8e4

SHA512
ac9bd3ef8b96ba97c84628b71d581211c6bb5f21f723a295774c37ca22d94f31381f6ca47bd4d5f93255761a29f5d8c155cab74390cb26d0d4ef899acee3a01a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XC8ZWT0R\favicon[1].ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\pivot_v4-2.exe:Zone.Identifier

Filesize
188B

MD5
0ad783017f87bcacbfbd9e081aca6e40

SHA1
96f73baf715e19aea61f9f4f0f1dadf6c670b5cf

SHA256
74ffa96fd2bc3bfee5da1f88b77362051ff41a5a2ef2b4c61ce723f17e707dd6

SHA512
3b62336e11bd74a4f1e92a087c4e2712cc6eac1438c5a624beb161b5005a7fb0f49ce0a130cf686405a36e1c28ef8f40b7e01017bcafed30f92825dc9470fe94

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0P297YD3\pivot_v4-2[1].exe

Filesize
40KB

MD5
52c87002c9b5e1e400980b0222a068e5

SHA1
75070b22d7914f563563adcd03ecd5759cb4f421

SHA256
cc5d4c0a78570851523f950973b83f895846d79a8c45fac784faeafda1d488fa

SHA512
adeb9217bc27483429685d057a5cac66d879e1d601bd3213c1013b37e73020211b41a7a998b1d73ad1c88e91cfa24403f365749645df1acfabfb344c305150fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
313B

MD5
200236d124fe2d15a89bbb076b196d55

SHA1
2e8bd5a548c2485680f9f5b1b0283ac01c435082

SHA256
3894831fbd8b4c236b575d03afdb244644f097645ba1970ced62c1fb0e3f7100

SHA512
c54bac625776374d5d0a4fbd27c6a7a1d2b31435eb342b062fcdfe1175642fbc0ee936b81e827b05bed75dd2a9b80a1edfecc0c27fec7bf337577989b70ed73c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
404B

MD5
db351271b356174f01602f3f0ebef5cd

SHA1
e353da44721e1adc7ad458f299916c430bddbfec

SHA256
5a22da0e590a4eb5fc14dd1e0ae11a6d71e73e35a32a8b9f381705253a9b4ba5

SHA512
77b1a215fbc0dd4d11f79021fb9fba2abe6e8b142a73496680582a079641c859c9ec1dadcf427645c987a6bc15810abc6fcc49fce233e9cf872e7cf703b654e1

Download Submit
memory/1276-402-0x00000211BC260000-0x00000211BC262000-memory.dmp

Filesize
8KB

Download
memory/1276-497-0x00000211AADE0000-0x00000211AAE00000-memory.dmp

Filesize
128KB

Download
memory/1276-700-0x00000211BEF00000-0x00000211BF000000-memory.dmp

Filesize
1024KB

Download
memory/1276-802-0x00000211BF000000-0x00000211BF100000-memory.dmp

Filesize
1024KB

Download
memory/1276-920-0x00000211BCA00000-0x00000211BCB00000-memory.dmp

Filesize
1024KB

Download
memory/1276-404-0x00000211BC280000-0x00000211BC282000-memory.dmp

Filesize
8KB

Download
memory/1276-388-0x00000211AA6F0000-0x00000211AA6F2000-memory.dmp

Filesize
8KB

Download
memory/1276-407-0x00000211BC390000-0x00000211BC392000-memory.dmp

Filesize
8KB

Download
memory/1276-390-0x00000211BB1E0000-0x00000211BB1E2000-memory.dmp

Filesize
8KB

Download
memory/1276-395-0x00000211BB610000-0x00000211BB612000-memory.dmp

Filesize
8KB

Download
memory/1276-702-0x00000211BF100000-0x00000211BF200000-memory.dmp

Filesize
1024KB

Download
memory/1276-397-0x00000211BB630000-0x00000211BB632000-memory.dmp

Filesize
8KB

Download
memory/1276-399-0x00000211BB930000-0x00000211BB950000-memory.dmp

Filesize
128KB

Download
memory/1276-400-0x00000211BC240000-0x00000211BC242000-memory.dmp

Filesize
8KB

Download
memory/1444-346-0x0000017794410000-0x0000017794430000-memory.dmp

Filesize
128KB

Download
memory/1444-375-0x0000017794880000-0x00000177948A0000-memory.dmp

Filesize
128KB

Download
memory/3008-2-0x00000000013F0000-0x0000000001400000-memory.dmp

Filesize
64KB

Download
memory/3008-12-0x00000000013F0000-0x0000000001400000-memory.dmp

Filesize
64KB

Download
memory/3008-263-0x00000207251F0000-0x00000207251F2000-memory.dmp

Filesize
8KB

Download
memory/3008-0-0x00000000009F0000-0x0000000000A8E000-memory.dmp

Filesize
632KB

Download
memory/3008-11-0x00000000013F0000-0x0000000001400000-memory.dmp

Filesize
64KB

Download
memory/3008-7-0x000000001B870000-0x000000001B890000-memory.dmp

Filesize
128KB

Download
memory/3008-9-0x000000001B890000-0x000000001B8AE000-memory.dmp

Filesize
120KB

Download
memory/3008-10-0x000000001B8F0000-0x000000001B90A000-memory.dmp

Filesize
104KB

Download
memory/3008-8-0x000000001BBC0000-0x000000001BBF2000-memory.dmp

Filesize
200KB

Download
memory/3008-228-0x0000020725F20000-0x0000020725F30000-memory.dmp

Filesize
64KB

Download
memory/3008-6-0x0000000002D20000-0x0000000002D32000-memory.dmp

Filesize
72KB

Download
memory/3008-14-0x00007FFA8E580000-0x00007FFA8EF6C000-memory.dmp

Filesize
9.9MB

Download
memory/3008-244-0x0000020726740000-0x0000020726750000-memory.dmp

Filesize
64KB

Download
memory/3008-1-0x00007FFA8E580000-0x00007FFA8EF6C000-memory.dmp

Filesize
9.9MB

Download
memory/3008-13-0x00000000013F0000-0x0000000001400000-memory.dmp

Filesize
64KB

Download
memory/3008-5-0x000000001BEE0000-0x000000001BF92000-memory.dmp

Filesize
712KB

Download
memory/3008-4-0x000000001BB70000-0x000000001BBC0000-memory.dmp

Filesize
320KB

Download
memory/3008-618-0x000002072C560000-0x000002072C561000-memory.dmp

Filesize
4KB

Download
memory/3008-3-0x000000001C250000-0x000000001C776000-memory.dmp

Filesize
5.1MB

Download
memory/3008-630-0x000002072C580000-0x000002072C581000-memory.dmp

Filesize
4KB

Download
memory/4548-1087-0x000001D2C1600000-0x000001D2C1700000-memory.dmp

Filesize
1024KB

Download
memory/4548-1126-0x000001D2C2000000-0x000001D2C2002000-memory.dmp

Filesize
8KB

Download
memory/4548-1110-0x000001D2BF1D0000-0x000001D2BF1D2000-memory.dmp

Filesize
8KB

Download
memory/4548-1108-0x000001D2BF1A0000-0x000001D2BF1A2000-memory.dmp

Filesize
8KB

Download
memory/5648-2069-0x00007FFA7CEC0000-0x00007FFA7D8AC000-memory.dmp

Filesize
9.9MB

Download
memory/5648-2070-0x000000001BC80000-0x000000001BC90000-memory.dmp

Filesize
64KB

Download
memory/5648-2071-0x000000001BC80000-0x000000001BC90000-memory.dmp

Filesize
64KB

Download
memory/5648-2072-0x000000001BC80000-0x000000001BC90000-memory.dmp

Filesize
64KB

Download
memory/5648-2073-0x000000001BC80000-0x000000001BC90000-memory.dmp

Filesize
64KB

Download
memory/5648-2074-0x000000001BC80000-0x000000001BC90000-memory.dmp

Filesize
64KB

Download
memory/5648-2076-0x000000001BC80000-0x000000001BC90000-memory.dmp

Filesize
64KB

Download
memory/5648-2083-0x00007FFA7CEC0000-0x00007FFA7D8AC000-memory.dmp

Filesize
9.9MB

Download
memory/5648-2086-0x00007FFA7CEC0000-0x00007FFA7D8AC000-memory.dmp

Filesize
9.9MB

Download