hxxp://windows xp horror edition

Analysis

max time kernel
1196s
max time network
1200s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
20/04/2024, 13:53

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-20T14:14:17Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win11-20240412-en/instance_0-dirty.qcow2\"}"

Report Analysis Logs

General

Target

http://windows xp horror edition

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 10 IoCs

pid	Process
2228	SafeMEMZ.exe
4192	SafeMEMZ.exe
2676	SafeMEMZ.exe
5152	MEMZ.exe
2928	MEMZ.exe
5716	MEMZ.exe
3704	MEMZ.exe
3896	MEMZ.exe
2968	MEMZ.exe
5668	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
213	raw.githubusercontent.com
214	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580953822949528"	chrome.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-834482027-582050234-2368284635-1000\{91737820-D046-438D-BC46-EEF90853546D}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings	firefox.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 436397.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SafeMEMZ.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2764	msedge.exe
2764	msedge.exe
4144	msedge.exe
4144	msedge.exe
3116	identity_helper.exe
3116	identity_helper.exe
1052	msedge.exe
1052	msedge.exe
4696	msedge.exe
4696	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
608	chrome.exe
608	chrome.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe
2928	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
5524	firefox.exe
5524	firefox.exe
5524	firefox.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
5524	firefox.exe
5716	MEMZ.exe
2928	MEMZ.exe
3704	MEMZ.exe
3896	MEMZ.exe
5716	MEMZ.exe
3704	MEMZ.exe
3896	MEMZ.exe
2928	MEMZ.exe
5716	MEMZ.exe
2928	MEMZ.exe
3896	MEMZ.exe
3704	MEMZ.exe
5716	MEMZ.exe
3704	MEMZ.exe
3896	MEMZ.exe
2928	MEMZ.exe
5716	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 1356	4144	msedge.exe	80
PID 4144 wrote to memory of 1356	4144	msedge.exe	80
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 1696	4144	msedge.exe	81
PID 4144 wrote to memory of 2764	4144	msedge.exe	82
PID 4144 wrote to memory of 2764	4144	msedge.exe	82
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83
PID 4144 wrote to memory of 4568	4144	msedge.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://windows xp horror edition
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0xdc,0x7ffd83a73cb8,0x7ffd83a73cc8,0x7ffd83a73cd8
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3948 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3900 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3224 /prefetch:8
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,2795471480586802998,10143142523141011959,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4208

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x000000000000047C
1⤵
PID:1072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x110,0x114,0x118,0x10c,0x11c,0x7ffd7fdcab58,0x7ffd7fdcab68,0x7ffd7fdcab78
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:2
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1516 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:1
  2⤵
  PID:268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4080 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4364 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4104 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4836 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4332 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5020 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4936 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3200 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Users\Admin\Downloads\SafeMEMZ.exe
  "C:\Users\Admin\Downloads\SafeMEMZ.exe"
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Users\Admin\Downloads\SafeMEMZ.exe
  "C:\Users\Admin\Downloads\SafeMEMZ.exe"
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4960 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4324 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4924 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4180 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5308 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4056 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4248 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5568 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5772 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1916,i,6937495575144474507,8155325702629863592,131072 /prefetch:8
  2⤵
  PID:3860

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4236

C:\Users\Admin\Desktop\SafeMEMZ.exe
"C:\Users\Admin\Desktop\SafeMEMZ.exe"
1⤵
- Executes dropped EXE
PID:2676

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3076

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:1692

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2240

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4544
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5524.0.56342902\1445254040" -parentBuildID 20230214051806 -prefsHandle 1784 -prefMapHandle 1776 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2881b66-e658-49b2-9729-729509079a7f} 5524 "\\.\pipe\gecko-crash-server-pipe.5524" 1864 191bbc0ea58 gpu
    3⤵
    PID:268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5524.1.150891457\1812187714" -parentBuildID 20230214051806 -prefsHandle 2376 -prefMapHandle 2364 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0c874fe-3ddf-4430-a65e-cc67224b541e} 5524 "\\.\pipe\gecko-crash-server-pipe.5524" 2388 191aef89358 socket
    3⤵
    PID:956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5524.2.315925078\889103789" -childID 1 -isForBrowser -prefsHandle 3228 -prefMapHandle 3224 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b97fcffc-2a74-43a2-a7ec-e51126f75ca0} 5524 "\\.\pipe\gecko-crash-server-pipe.5524" 3240 191be7fa958 tab
    3⤵
    PID:5896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5524.3.1581987261\1918197452" -childID 2 -isForBrowser -prefsHandle 2964 -prefMapHandle 2880 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {919610b1-33c5-40a3-808a-1f872e72ac82} 5524 "\\.\pipe\gecko-crash-server-pipe.5524" 3504 191aef7ae58 tab
    3⤵
    PID:220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5524.4.238365006\1072068750" -childID 3 -isForBrowser -prefsHandle 5008 -prefMapHandle 4984 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2480377a-cd99-42ca-8819-acebd8d4f767} 5524 "\\.\pipe\gecko-crash-server-pipe.5524" 5020 191c3646758 tab
    3⤵
    PID:2564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5524.5.1172283710\286774759" -childID 4 -isForBrowser -prefsHandle 5172 -prefMapHandle 5180 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88bee3c6-c296-4ff9-a87b-379290b5f12b} 5524 "\\.\pipe\gecko-crash-server-pipe.5524" 5160 191c3646158 tab
    3⤵
    PID:3344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5524.6.936316152\635302656" -childID 5 -isForBrowser -prefsHandle 5380 -prefMapHandle 5384 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d200dcaf-659e-4f15-a9f8-e1950209ae16} 5524 "\\.\pipe\gecko-crash-server-pipe.5524" 5156 191c3549f58 tab
    3⤵
    PID:6080

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Executes dropped EXE
PID:5152
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2928
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5716
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3704
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3896
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /main
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  PID:5668
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
24KB

MD5
e1831f8fadccd3ffa076214089522cea

SHA1
10acd26c218ff1bbbe6ac785eab5485045f61881

SHA256
9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac

SHA512
372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
49KB

MD5
e1f8c1a199ca38a7811716335fb94d43

SHA1
e35ea248cba54eb9830c06268004848400461164

SHA256
78f0f79cdd0e79a9fba9b367697255425b78da4364dc522bc59a3ce65fe95a6c

SHA512
12310f32ee77701c1e3491325a843d938c792f42bfdbbc599fe4b2f6703f5fe6588fbcd58a6a2d519050fc9ef53619e2e35dfadcbda4b218df8a912a59a5381a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
44KB

MD5
2b312fee4bff7fb9b399aa619ae1811d

SHA1
cf5e3270ef62ea6ce023f9475dbf7ed67e10527c

SHA256
fd5fb41882dfe849ea47547bf38b9abc435683d7473703b4cb37e8c28b1de4cb

SHA512
3a42c3a12da46656d8dca9b54651027873f42d2ec2e6e706a41b4b520d387f0c3c0388e3d117bd49174d7074079f3404c00b6141c8dd22d38ef1a257f52a9791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
24KB

MD5
8278023fac368f67d8b83512b48cf0f9

SHA1
cfbb90dea9e8a9df721806c7d49eff44166b2197

SHA256
1e62f0399a3c5a499b3c93622608d15d3948c3c335359bc695bf3522b03fd48d

SHA512
e04ba7a9402379c064bf5707a5fbe3e5ea6de978b1ad50d38f9b30bef47dbb761f0f8461de8cfaf7c33779dbb47fcf4df7fe387d12fbbf899f7530f6f63a340d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
65KB

MD5
c82fbaa7e5113d3ed2902a3500ec8631

SHA1
c9b4889980899c0f2aea9ac8d0bae28b59e6add3

SHA256
4f4e25ef0961b656039ed8628951b5ff6c0a197f8866374b5937e182b12ff278

SHA512
fc3227c51b9bdcf0917b040aeaa925795e153c7a78469b7e1c87717c1664f46208e5fc3e413f93724ef0fa94aea655db55f04c5a61dda0df737c25b75393136d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
21KB

MD5
a7a7ca950d4d410c9574817eba85c027

SHA1
f485d36c12ad24c9dc4c9f21f53497e3f71234f7

SHA256
8cb3b0932fe49c708bddcf0c525eea2b20d3d55b92566f29e6ba38085ab898ce

SHA512
2b762542c88962e0bfdb9286e3bbab96d041ca9157d6a640537ccb7fcb6502fd2b7868849c6240a116a986a64b367dac5098755543fe8ad7434c6580064ab1e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
59KB

MD5
063fe934b18300c766e7279114db4b67

SHA1
d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd

SHA256
8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e

SHA512
9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
21KB

MD5
e9a5315fe482aa6a84b4cd461a41a5cc

SHA1
06833b57adceda1c91eaa2072d368c54fe4995b0

SHA256
6a00fd28670b7ddc6725260bf6cf4c345762edcc5e74e4eb77367b4969efa9c9

SHA512
86dcee3ad5c69dfb9bf6f0e8246b1bf2f95a27188c17e1cab7b9270774c37b8d0e6b2acfd33f144ba74d17c849299a9c750dab9c8f1bff09147befb7876421c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
26af530f691eb4c0c0a2920e0c585b8e

SHA1
cbeef498a6bcf61c74a251ba8ad2b8909df8f9ef

SHA256
fec7fdae3dc03d6ff574920282b403a08ded78c23694adba7cbb0db1dd45a5a7

SHA512
ff32be44502d1e4909e03db80e28e9fe203366bd66e28ab069d4e7ce54902cf8b1f414f4156ad14f4fff4d2bd3bc0e2422a846c162e34ed15cb0cffa7163351c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ffed65aacb54c0761bccd290e16370d1

SHA1
48277d502f6b7fea328c624e8fa302a7015cb14d

SHA256
08a5076b9889590a13f72d8045e42cafe03b2865977c2577039f428e6de5c8bb

SHA512
2d8ec4dac4aef8fff567ec0ed8bb19b23ef051093046bb8a4194f6022ed825b940161efd6d819db9a3e0cbe26fda455a0c3eb2f40426fe510dcf23f95517ba03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
190c7bdf2639a85511b9bddd38b3e50b

SHA1
3c541f6fd5f36c7835dd4d0d23c72d34afb698c1

SHA256
aa992e65aff0edca7bad697a49ec1233786ccfa881e295c5df66e8ec877e2931

SHA512
8947e68f04b070a6943e38e31b0ecee90a9a45d1a4cedab644de56190be3a62c23146988c9a2f2a06f9478146428fb084d1a5e7d9096c23a1a499e88dbfca102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5064cf3cd6bd51d56cc720a93c8ad92d

SHA1
3e4e8c94705774d63983caa7f11a768113318743

SHA256
842dfc393c69b74493d08a42f3403175ab14e8b81d5ecc5ec2860f1f8c652be1

SHA512
bef0dba9e4708d9315e8e0f6d07bff49f2dfb7dceabc2c72422de4f884d66700ef70d943d95362e3e5dd980075e6be6e816710285dc49ddb6dfaec52ca0fa692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
afcb175c0f6635c30de6ba53f0d57cc6

SHA1
d9256613bdb732e21cb46943eef328dfd692a5e7

SHA256
6f632356d96633483cfa79c7f8f5a4682134fbcd793c39261b61c5a67eb09c1f

SHA512
590e4846db83a55c0dc947603e2291090ac8aab0020ec4a0ec7566e02fe386c11477dcce8c0e1e7b778843544b2ace8835160086b7a35228b8fda073dc3e6033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
15018c5cf17de7e56f10d00d34d1be70

SHA1
477f9899eb428b6c3b3a5b5881e0142d5a3925ea

SHA256
1b3fa406241a4f9251c741e4b80e8de1838d8082a3e62cc3fa20a38aa76ec710

SHA512
d434c64bd4dccffb8e188de9451c8a559500520c59a23749f37067a9570a5f64359566979abdf5c4a99ddf6f5b0a6af061a62d8c1af3967925b22830676f3e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5e452687c14687132e9cb4ade09cd8d8

SHA1
44ed3706cc8382225462db449e484be6bccf278c

SHA256
e89fc9398b6081437a4b9a30bf53666f6650ee4a37b5ec96d211472967134f4e

SHA512
670a97cedf1860d881360b456cfed9cdc5a31336a7be4c96ce094bd41e40cd52a01b53c8b714eaf074f15f21393f0bd284e9acd57eac8408a38f31160b8f0d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
17c03a4a86a80d64e314e902a0cdc38d

SHA1
4af607ddced2f8bc37a65d47bf8ac090a8b9b64c

SHA256
ce63ebbf413cd81f8600fb57e9150722db9a1c89c278fa47f567280203279c63

SHA512
a2dc69ba0d7557ba2bf139b0c44d89d9dbde93d099baba345208f70a72b9b605551c16038bb25f32c033c9a6aa50ece7958fbc602c5a3ae0c06501c6a563f11d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
033f6fe42fb4974700a065ba59dc00f3

SHA1
6193ab5e718e3376eaf5d936c1344fb569b9a2d8

SHA256
e20c833eac9b2bd4c7d838889936bb7b87a9b0a6d64e92ecd2a5ffde3d20077c

SHA512
7c81d9c60de4cce0d1ecc165870e0664dde206966344f9514a936a7af986e3a12a72305a7d0298da3b01ab9fec9d3783dc7a5f01faf17407ff2076a88135b32a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
a25d4b436d99859012c6711e9e7aee13

SHA1
fa190ecda5be291242fe35664883b0136d5a37ea

SHA256
a3fd9d90c6fafc1e4da0abd64c530f88133a489bf2434b78eb6059d65d47ab20

SHA512
0701b05e0339691f8f7e75d3e8f0dbcee68b36a8ad0fdc1d8334a59c3c2c42ddce02c3c83fbf8cb3cd7634532cc8c079d2830f19e209e642f9e77fb408c42b9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4df6b6b910f5b8255122a53a71b16921

SHA1
4ce4aed4af88994be39a1d5560d0b35d54d9b408

SHA256
659492b42136af4787ea437310e6114da93b1cacc46da044790a525e04f4cb49

SHA512
e4b4c4aa31b53dbef97ed0198f9f026932d635cc57a538da453009e913a7c25c003235f5f6e02812fb5aa4fd3e874ab2828fd6f44e0efc69fa650b32ee8861ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
473bc5716eae4fe23946e9cccd803159

SHA1
5fba66076e68516d80821a3c74706fe025fb82bd

SHA256
5ae27e0b66cbc5d8687a5669dd54d579d99ac93993d6f39ae84ea9fc6458fd41

SHA512
d8b66258a589d81bf60c336d57f48fc8a81b57fa70ebd1bcc274bb18003dcdcbbc71ac9721cd6b39cd3356d7072405965426629c5a7ab0d2a4188b6643034d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
593e58febe4a447c68380b9c721b4017

SHA1
697ecfe030bf3e8093084e3cdb44d2d99eb64b27

SHA256
9bad3f1b3867e070191c16f740dd0639f619a4974018a1733a964bfabc52f298

SHA512
8ec1ff81dfd6f6dbd4f856a87db86fd771bb5159d01ec4bd054f89d46382058583816f3bba8aa9c94cbcde8f6c6a24918bc50aa3468c5d00bdd196b90ebf3375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce157271b5643508ae2f65fe04895f4e

SHA1
cffe7df204fc1002e025c03498242b5f2aa2c705

SHA256
2f63b841f6df6f8f89aeb1ad09695406623812e65f8e497c1a10ce74ae1ff5ac

SHA512
0d0afff628e054729360bd771af5bcd938546dd6bcd32c2eb565eea0499d8a2d0507bd61866f318a6bf088aad6a4a15c6c042407daec4901e044bd7289e657bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ebe83aad6755c4012b763ab07d99965c

SHA1
1c1e578ec65c686befd0163ac131d69939a24d5c

SHA256
dbd47f786b0698693710460f31564de0f40724d917fcdd66c1dde40c2a60535c

SHA512
e83361ff1bfd8c2f67cc78b9b5c3d50e9049cf89125adb854de179e85f898880530c8db2bd6bb0d1d6c16b85c6e781ff02253e5a2637f7f24c7b691591b74a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
07bf356274016d5f55282be7d12c9fa3

SHA1
cf11345d7ecf50eefc875b20dc06b963d787c3fa

SHA256
21bdc13b1976361af5e64a6d3a5cc5c4271e801f33682e497a89a7fc130a768a

SHA512
d109b006760c850cfbf6c237bf6605a0ff07bb9295c8538f97cdd041e301f121b4372075151ada8b5551847780e03db1c0fef72c6687e5b78109820ce2927660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0b8c2790460cd4d2bc0909a3c328092a

SHA1
f857ffa34a33ff40f0d6762ff00a135343c419c5

SHA256
cb67ae4777d2af9b641b95a32582a3cb14c0c1064055c1947167d72805812a90

SHA512
2f2cee1bb04020cdaeb740507c9a21749161efa231cc6c9d6e4e6e98452f9fc4a45f2cd7d282ed5c515f1a0bffc0d77c93eb4e1743b428de66ade74c68a33faf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d98bdc061d643445d7549ae28e91f49c

SHA1
e040b7146e1966c71afab967c4a009aabe1ebda1

SHA256
2f86cf0df902305dcfd07ad20fd49bde816ee836379611765e479da77929bdd8

SHA512
c461e6d0c0313dc5eebcf1b72e7855a40262ddc014f320393b799e146574491a264e29c138ad6483ae4a8aaf25bac75bbc344bab179f5bff6074326d93fba903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bc5252a70d58497e85ec74cdfc6c8ca0

SHA1
6ba239a7eaa112be46d1250cf67a80f95049817c

SHA256
e14cdb940039d70059a5514b06808fc572988ab41a47b9ccade8391569704f5c

SHA512
9a1d5e5aabf31e5246654a49e1000e7549f494733e9c2b176ec7767bdc5eb4842d0881888d5639ebce4f68a98de1b6d08f49486d50506c5efdb74c195e97b493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1f44ef70a41383e3fdc4ee6c98457f17

SHA1
a7b74c7106fa365286a68b9ef35557831dee9d5f

SHA256
a16a4ec6cce5dc841b958a0d92bf7e256982cc10e67eb7059e76474c96a63501

SHA512
313c4f336cd2c4fb0c5d4500dda52a72350203b176a793cbfcb3bf2bd049e13e6f3b502a12eaa3870e97a2e90d43efb0d926ec0d0d9f7e2109e52ecf199c77a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e9b39fd111c053e5902fab79ffc2d257

SHA1
52f4b7bd43c4ed972112cd1f9df814365039a3a2

SHA256
5658951e15ac10bd8732dd5cc8b474753a1cd92351127ad6dd195f54575a9fd9

SHA512
10681a6742b371e3cefd9447f8f876b90cfb5d9562dc16427fbf1a11f5a62205fcad684fc247bd31bb53502538b7d7f2f542990f217c5e96fb5d441c01ab4aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
13069f90974777ea43e051b2c4dfbeae

SHA1
777f8877d114e3148b27cceea11d677df09a7e16

SHA256
11f9b75e2fcc0626ca4b9c310f7b2afaedea57aec86154d344aab83955bc896f

SHA512
977da6d623b316e3df585beb8d913a446b611c22dc72edd09711ad41a4be65d862cfed5980d16a90f462145b1e9e41c748b58136c64aa10d71aeff7c2ecce8ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
113B

MD5
bbf4b2065f593ef357fe2327121f21e2

SHA1
7f009ec9a8b2c0255322a9cf23a419c8149f8319

SHA256
e722c3bea4b6fc7ecb2ab26d28cb154265ac6866fc5958701754d84a90d4ff79

SHA512
eba2f7833843908b93efcee015d89f8c6d3292e4f015c5e7b7d6000326d5b87cb279ced0f765a01bd85d89560fbc9195e9ed31f5fa9a99d261760c544a61bcdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe68469b.TMP

Filesize
120B

MD5
acf4984bb84c5faf7c88f9b12d239d07

SHA1
8dc778e77bd977fd2927b72ffe2569d78bdc94c5

SHA256
35b64a59cf49c6d661c82a28ae683e2aa624ee8355314d2fcf3084418d0282dc

SHA512
a96ac7b41eb8f1f1099955e328bd99fe800bb2abc2f34eef50d869b4c7ce0008c629041a87774c9f31d199a4dbc8a47ba36187ca533e54526a775e8761ab37dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
72f43b97cc5907dfc38eed27e6aa7468

SHA1
1fa9ed95529c3f22e09909bce017ec8a0c646fa2

SHA256
e81fc6dfa772751bd88b07af7abc52fe752f55e482881539b4095632430105e3

SHA512
d61b58642bfbe65cecdacc917a829fddc5f5ba64ddd9a9be85247138d504c5d14af36c2d5f81b3a3ffd53d60cceddf2de4c1b33807883611aecdc1aa893d362a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
99f57087e876d38e8df74836e52df51a

SHA1
f0717effa261c851b99dde5fe17ae85bc38562ad

SHA256
6058584bc7b0557345544d96e561593031a13a6226b1466b25a0a5cbcdd0f513

SHA512
fbcd848306a5bc399dc5fdeb96a013a8eb351ea1bf9aa61f6a2edbbc60953c39fa996d0c879400c7b727ce8637297ec0de965b6f1300e252b00927756088742c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe600dcf.TMP

Filesize
83KB

MD5
5ce1aedb8483bc0a777193aad7db0dc8

SHA1
206d6514dadc26d34097230c1d2ca2a0e8e3cf0e

SHA256
f34e5c5f5894a12f507e5af730b8a65d88bc53e1237ee6b2ef489b75e1cb9851

SHA512
a825c3f273a57ce136c5cf8b0189ca20ca0a4d8aecaeab9adc8324fb7ff7ae9214f7b4a26a20233f9f7d3989aadb87cd31a6a9b7889710963b66f846a5150894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0fcda4fac8ec713700f95299a89bc126

SHA1
576a818957f882dc0b892a29da15c4bb71b93455

SHA256
f7a257742d3a6e6edd16ac8c4c4696d4bdf653041868329461444a0973e71430

SHA512
ab350ca508c412ff860f82d25ac7492afb3baf4a2827249ebc7ec9632ee444f8f0716389f0623afc0756f395cf00d7a90a0f89b360acdf72b1befe34eecb5986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
21986fa2280bae3957498a58adf62fc2

SHA1
d01ad69975b7dc46eba6806783450f987fa2b48d

SHA256
c91d76b0f27ccea28c4f5f872dee6a98f2d37424ef0b5f188af8c6757090cbb5

SHA512
ae9ba1abe7def7f6924d486a58427f04a02af7dd82aa3a36c1ed527a23ec7897f00b0e30f22529e9599ae2db88e8abc7ba8013b426885aa3c961ee74678455f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
36KB

MD5
373cd53c408180c939165335e627fdb1

SHA1
0e0978e79b93bc3df23d73c042f6b5f8c20ecdc6

SHA256
c884b19162a6f5a0cd8fff61c5ba35729a2bec074dee7f1b514f60a5abd77909

SHA512
906c2ab56861ab8a0fac560c3b508f69275eeacf294bc4afcc20c40fe1a0e8cbc16c7535b17ded0f3f8bbe4a336f2899139411708103a2f6c0d8bfe1be4d2a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.1MB

MD5
1f557ae943b3a1e823b56cf9d410e7c3

SHA1
1340fc7fa2cf9fade7bebcc8b4dc62a1686aad54

SHA256
40f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb

SHA512
32d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
76973c26dc4cb2d1a86ffb1fdf3cfc82

SHA1
c7865204c40c140977870242af2d5bafdc6b5622

SHA256
566f2e7355a02fbe024aa3313eb890d5f50576cbd2261ca2d2bc5699883b125b

SHA512
6c04038102436d72a344322a62750ad19aad3e9fe9bfce2cd6422a561e0c8b024c2d41b4bd2d85ecc5a44851a214366ad59a9cdeb79df462968f80e12c219ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
aac04640acffba673e30b1fa053f7dae

SHA1
9244515c9e9b7f7de3ad03ab4967d4b1176038a5

SHA256
1c9681234cd7aa5bd0c0a54befd0b3769d6e4e261168ee90d1ed3b9a709d9f6e

SHA512
bdae161ee738f0e0b1ae3cb6bdfb774fd423206069d5d3ab8bc9e131f2e140183fe40e82726e5a3a7be8ded9b4ff793fb9d9ccb7c46fe830a10044ea8ad21758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
acfb1c3ecd17ff2013920e35c5e83780

SHA1
02418108ee40a3e83c4ccc27e537e2d7a88b33f7

SHA256
d2bd399302e5f41b35376bbc2a9ba0cdd076331671f1ccfdd76dbf11f5f2343e

SHA512
bf8b2d4bb78be848138ee2d809e8c78be2c1e812b21d3a9a9864d6157c01d05421919499350c9686b8faf9a08fee8a17abc3e1e22a697e6c210611b165a4f36e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9fe29d3e34996c8da244962a63ba1b92

SHA1
7ccc104b0e70f699c15f4e7c308a1a13c2b00ac6

SHA256
d7694fca20997abb0e17b09917e9cefd7b2db680c8206e90a7404bcaf60ae76a

SHA512
537e367e1f17dd61baf0b54fc324c51b2140e86b79b2a8a208eef44d53add1fe8817406fd1c0d479c41ab38f68e2c923f15fee9ebf2c841a24d092a986ab49fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a5976d3ebfb668587943e8783aed54a5

SHA1
5c18bd1589c0259da98eaa67a8d2be6305096e28

SHA256
23a15950b482d64743e3798de22d70a0260a53be772bfd00c6d30c2fe32b25fa

SHA512
7aa1e8a3238d78893480768d32d8aca7f06b288a68070045d97deb04712dd7a0e603ccfd6ababaad48d3245e682a24c506fa498c09c0c46498acb209564a96b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2a87c45bdaa0695b40ad658845aac788

SHA1
8c3b7c731eb33c1e375eca5be0b0c735943b6343

SHA256
603fa2a73e7a4ee5c022ebd26155257eb7f3c941d263e76daba1e5a0fea9643d

SHA512
d78d17b853bd5d0230f96db18dddf20ef076162ca196a331ecff7c2903be927c7325b5037720361b07c9ca8cdf21fe76aba6ee60a955df5595296c9b1e302ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
906B

MD5
79875cfa1b31d0269cf638f69b2f8207

SHA1
f71a28ed11d6a9ebbbd520e17bfd6a0921810c74

SHA256
fe68a8401734177f7471695c00631f13fbe3ace04f0200bbec253dfa239ad555

SHA512
44da47719f55dab4e3df5195a5768fd38668d919992ba1ba75ba14758dcbb4c0b8e6b3d5a4db0d28fe46ec01f3ce1eb18613e4a44612414bcb4b7a7d0cbd8a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
906B

MD5
27de90208962f21bb2b8555552e0972e

SHA1
648e1b950aa14665e283024b47aa5ffa9f95bced

SHA256
30c838677323d2289c01196f609ca0ce9e4427e102ae39c6ae1227f31646581d

SHA512
bcf98efec11756ddf78a7abac1dc53c9291c9a8a9f92d7ffdff1964e98e8a0c0342c367cda400b0125ca295ad750c3a1cc8c6d8bd4c53eadc33fcf992f5b505a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
906B

MD5
7263f5679cabfaf431e85fc3b29bf9e4

SHA1
2b498144e857721dc9f66c1d65cd4c4af6243e5a

SHA256
356eeb87f0d6ebf5244b7e41806b53e59554e8f297efae72ba004e54391acb9e

SHA512
9dcd9371096a2d46a1f94ea4c90abdec39adb40d46ce7de0f4c6381e98de4801ee89f6f6d35df5da8df742d2896c31eeb696ac0a074cfc86776060b4f20b3836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
83c313ea72eba6497d2b4c94f1496b0b

SHA1
40a1d456e029ac1c1d63bef778a4bbbc541e8af1

SHA256
3dc91d53b6bb25abc70e93425a628fc82539bfaf2415963d67297abce617b82a

SHA512
d0f733ac85dd8d9ca80a97c887ecfdaa4e715c30c9cc1d78c73be681ae1ae40b9721e82d59c4299e9ee65971557c742be184f89778a86df513e729f6cc65a3dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
832B

MD5
3934f6744084c0f70851c53ad8eb7701

SHA1
a3c69d75c1db89c45a00e5ec0f8288fa8b0c759f

SHA256
dfc031d071f6e2a0997a6e0b6cff8f3226a56533317f96c2017038d2d2db000f

SHA512
9c2e94e9e89445f0552e24c371a54e32bbee81e5dd0dd302bc72ef57cf56b6f0ee94bacf208f039a13709a3dbae15b32aaf895e79cfc65946685e4ee9a63360f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
099e129258c7112d60d759f94bb0a287

SHA1
91ce00a0fcc96ef858499f4eedcc59a10035794c

SHA256
0c6db67fcf33d10fc1eb45a5bfeb9f44dbe0ce9ed77fb3ce219bd889aeed8432

SHA512
49339f2843ac68deb9094d01c98fdd43f77ea9236fdc12a99d9d0ed58a11cbc277512a0ab542056983d7f6a8ef06cf6b18ce06251f3219768e1b93b432b9a992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4af2fc36c8ad9edd62c1d683450838c7

SHA1
439320668a564e777aa5f84e43b1991f14f88cd1

SHA256
422e633194e92e0120200e63a0cbc5abc746753fa6aff7ebb4702899938b6776

SHA512
b6baefec320030af83e921cc0c6813df13f4648f8db6a23be8a1ae686fc9d141a2d8350afdadc04c99a99cb1c5a1d08aade2c7d9751564ca079451cda9ca649a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4bc3d1cb5d9c937e4db48cd9de1cd1e3

SHA1
0c52b02f1b67f6620052c1dc9fd63ad81f21591f

SHA256
381c96474ac8b0b0c093ef73bf60d205c31194897b7c112a337744aea1b31bee

SHA512
b5d32c0c74f8a48e4cd6f107833718113a9262bbab5e79c2b335458f0b83bd8fb93e25b9e3d08d12f7c0ce685f540ec8812ee81ebf77794b2d83156e96c8056b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22b87daebfb0ec0f8331b590b382ac3e

SHA1
6d613f5749cbed7eb648dffe3f28f2289564abb8

SHA256
30e64b1cc692836cb6485767aad58546903b2412ac8a3b52926de85b74bb6692

SHA512
6752f800e379851c9ab87779dd2c37f5a5a49382ee148389cf3c4cefbba506c6a35553cb111dbb92281a9eacfe66cfd7f0819cc91560952f678c9d3e3eba39dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
594e63366288677627c7373e2b3b1066

SHA1
6421e5087d26f47f733a61924ec8f4cf96483c90

SHA256
3f3c67cf9eaae40344fba3bd52b85fb39d0772e554951bf71b2c5d99f0f785c4

SHA512
12ac19c7462c4e03495633d2eef56e4512c028ea7919044abdde9c6e29cf6d76e4b847152815b502218c01b3ac691784d5bb5cfdeb2bba123561e0d0a694ab65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27f69ea0af7f05d44a2b366e5c92c11c

SHA1
1451da7c28b0db922a21c95d173955dc51384fa3

SHA256
f151139b0437a0a27d4ab8713a7fdeba8a56bc12189216f382baa116bcc74842

SHA512
662019360cb23e2a66f30d38327df44111f329eceadd14d5668265b602aec122513b902191942a71ab3a9b9c4ac82e8fbabb0473f9af9886832fc123f96f6622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ebd98858687bf2b9b1ec4448c709375

SHA1
1433904290c69fb494c26ec7734580d66f84bcb1

SHA256
53df730bc082dc9606fabfe36860b532f9d796d91784a82e613a4aeba0c756b8

SHA512
1d3fc5aa62fbaf99ce145bf4d40a4aa421dd66edd7c1139c10eaef2c5e5124bf42c0f13cae7c3e9d04b42593d59f0a5fdb56cbe028ac1703eb31ca984971fbb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c1ed964427ae2a8a8e672da016d2a186

SHA1
5a61e0b1d8ae7b3c2c3306f2e8fd0bc35861f070

SHA256
28255a64463d02344d1c5b8480150bc946831f503750a234b334e3d57b502757

SHA512
6f1beeedc214f2c716e2f688612bf6d5e601e57d722082d0844ecf1b9010d2baca7edbb8999ffc841efad61ad5590dfbbfb90eed9adb529437722e0b7cf011fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
e7df6831a5cf3ee2a957b5bbda096038

SHA1
77d635922f5158123ccf85a280193eb5c201e7de

SHA256
efcbc70e379da858f23350cd52ca27767c6d668f4c2923debde0c42ecb670aba

SHA512
89d9fa1a0010e7f420cdc59b5c6129a22c1a334be21a24fa86f24a38f4e0940c602a173f43f5e435a34770e43de9f935d8fca44e889484d9da260f805ce3216d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
6493f2ef4db910366abe8cb80c863521

SHA1
e3f609c06829f6759d67962497030fbb4290c6b0

SHA256
d331aede1d4ccfcbca6799511471f47c7d361c882d7c7c07fff221db7865ab92

SHA512
24c8d3a734610265ea86648cfe17306368f6214fdef9a61bbe6f191222bec0386e704a88f0246ccffcf1f0df9039f41ad17891fab9b4ecd0e9b60e0b73cd3e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
48b58a07ce8edecafdbf50a0b9ce1cdc

SHA1
9bfe2ea5fb57ac55ead7771407d9baec91d08327

SHA256
18fbdcf41032c455752c53407ee5638e1ae57571776a36a8046fa5796da9322f

SHA512
151ccfe6f3a4a4a5bce87f11c688378f3f65ddfb9ae941bbe78e54919f668e9cb0a9d97701ba53e224711e49f6d9c8bf4ce73aa747790b2ab9c396379a4cedfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
06c23edb94d156726e5b6f4a7773f88d

SHA1
65c7feed618106ab97cecec12365db652093feb0

SHA256
25e25496a3acfde609fb180e0ee9d2866c4425001be633bb59141940e642c4d2

SHA512
1db65b697d0e41280b8bfaa3911bbc0a87899ad71ecbdebda2bbe6db9dbbdce6cc7c28bf9cea409671095166a43938a049aa0c689717083ad9316dc5194f2659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b0261c5adf9c9ccb847c4f69c5430de8

SHA1
5e6726726b91b2032e0e066e2e431a1c19234e3d

SHA256
fac477959f7dc7bd853a667fc8cf2d55d48d8a164856ce21d6b0354cd97bb5fd

SHA512
8cd3153a1c1577934fb84b13f1c51bd2ab6bd1746a1bdd1f8daad63e09ab15097c9294cb3d72dba546a31816764fa77b45e0a4a0031241c715b829387721e94c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58de93.TMP

Filesize
538B

MD5
dd2331da35593e15c5288bd67ed059fd

SHA1
1e9b4badf27242312eb3edac2fbf3eb59dd30b3b

SHA256
0dfc1e6adfa7956d3def6282e862234d9bf976cdf25854a73c2e46fbd92ecd13

SHA512
0de9049c3e76a4133ea4e57e8c262468a2704262cb7c472d7c4eb7128a954eb6041c2eaca0cd2163c7187b8fb0e362147ff4bbea2a9e04fde58f2b18b09d87f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b37292016a5195001763f878546d675

SHA1
0673fd4a86d0bd099d5938bb69c8a944ff0b3fba

SHA256
ca232012983284f84e994b24c8d80a2b20a37cf20405db4e8fee58239a9ce7f9

SHA512
140ff9691a107f164d74030f1052760cb5c64dfabff1aa2945ea8b0e7b7100a2c45c0613f5afc7075584a5460e62b479f3ff48f66c3549612ecd28d8b8d1a1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
288b7ab5525c0f6025910cf85d69e0a9

SHA1
1b0f206e7fcb181c471164a1342ca6e3d09d1f5a

SHA256
bcc420b922066d3bf42e8fad9d880059eb982efcbc45c9327ee99925c5f37b1b

SHA512
b0679b869ea2366a9ecbcd2f45c957811c6ab2b98b1b541f1b9d5e4a00d22cae1235cc690a0db2bedb6197dd2960ce1d6d63612cd359bb18c26fffb73eafbfee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b085b4472dd125626f9398d976f46638

SHA1
faaa23f6f6a2cb6aa3a549ca48f04deb0ecc3bec

SHA256
f87545600ae1c378a3cca3549d0464360093d14443a0bbab1f4e11ee11000f54

SHA512
a0a4f3b2f7001f03d58a117419bbbd72e82044ef76f05e41f6e51fb63c4b3ae751996294c79a4d622db8a1cfd21a4fbf98cb2eb43c3081d68ede3777f254334c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
1f49bc2c8473f043cb73ff274b9e951b

SHA1
f49e2f3333a2222df4d328976c88c00f26d9d2b9

SHA256
3c46d67f987d4458e1cae31bd5358469170406f716b86f1748c848526e44f1eb

SHA512
f8b3c1b6dde504d684d5368c43de9fad30fb82ea4ba1c8226cb73321bc5be2a724f76775ca66cf05c8afe8b615c1e8a36b7ef9e56a14deb80426b513e93d1fab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
2bb523437e090fa73ed4a0038bcfea8a

SHA1
bc0ed68eb63e0c057b453a88eaf1eb202a3d9dd7

SHA256
49ed488bb1354c85ee1d0994c7814f6c2dfaaf3ebe5d19c3fa428d39de411382

SHA512
6bef196ef7008a0802825cd0f6cd974f8da2509f892167788bc66759098786a945506e895679bc943b623fbcfed40c24c6004d84cfbafd93e65d13b29a531da9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
422d9a30023682e923ddb443752d28e8

SHA1
4560adedaf7c00fe7f0e1dd2c53db09cbdcee66e

SHA256
bcf78df7b71f45675b3147fb42c8cb2b057323758972b819e9ab3e91a192e66f

SHA512
f81d485e84ad151fc6fe6b2d10b3c7c96937a7f19905c266961694bcd32ab8b03b6e0dd096fdfe47ba1fb96cfb612fb4f1cfcfde15007b86ca637a5d8f505e37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
1bb1b848fdaa18a861cf58eb9d7c4cff

SHA1
00e231adc3f1ba94b17dc98d1cf4ddbbbf8ae5f1

SHA256
eaf0d892342fd1f28c9e43a4f792538092d2d9950316f48afc0539e7515e78ae

SHA512
ac7182de2c0b8da3644c72c35cbbe8a98a8568068d5776a6884f4b81b131071607a63473119bb96e8f0f49528879b7b994f44da8985be7521c285de50f261145

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\prefs-1.js

Filesize
8KB

MD5
8add3d92a2d1dd9fce16f5183fba8802

SHA1
076a2faa3d476540adbb116130f57ef90a0086e8

SHA256
843dfd238f9492342259e4542d61a06471526512db501b606a81377e6a3dfe48

SHA512
aca5911a3197758b9382be0c5f99152e16c89d3cfdade8a6d835f0c60349f43ca7b1a0d71d63529b3d94e50930c8553510d6419acaf1d02523bcf76447baf3b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\prefs-1.js

Filesize
7KB

MD5
fa53af577721651e6f328c04ebf1e591

SHA1
8d7860e7fe9cc39192b05c19142bf3da7e37920a

SHA256
ad25e5fa8cf59ca9302312ff016bc1649c810293eabf20a60d0891ec0359dd44

SHA512
b51106033f6c577df3f4a63e2a840418f999f4d8c9edbedbbcd6bfb7dfdd57eccf44d1fb71eb88813a37ea8d75c2c465f011e38b2316015f5a28355d9d55fd4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\prefs.js

Filesize
6KB

MD5
98878a6d60b9c06b894a9b59b4638472

SHA1
4d951045d1439fa564110ffb64227cf0bcd9b9fb

SHA256
ff1ad8d85f0048461a6bed7ded1a826230820a720fc2edfd50cac9caa8afb9b2

SHA512
ea1b87c02359c82e4c08d11cb08e4ca2b5c187cd8385f46b57d4cc83e0a61cb8baed2de1d6425e7ec68c8c87ef4b22de30a007c9d213949a17162d07512e9e1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\prefs.js

Filesize
6KB

MD5
c578768ebc63cad16bdae2db2e7fa328

SHA1
506d4f86a89ff7e60ec940e746cae7ad18d08501

SHA256
8264149a2e74fe597538ca67239918078d3da02d5b15c1e59e9ad6004716ba9e

SHA512
ae106faa08a43bd326accd6d2524196ed2c0e0c32aa3d6b29fa28d6d7f0f6b0f5774a9b966fbc294a6c342387823d9bc29c90f60cd10893b97d7bd39d69ddf11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d227a30b6b1090c32f27918e670c75d3

SHA1
ef1e5d134b5047b2febf3f4b60b0c9ea1d6f989a

SHA256
e45b7f7311d81514a85ca9b11b1790744e7bf9336180dce03282294f2b722795

SHA512
fb18230c7d4b0ac7166a723d11b780fc65bc6183bed955bf0cb1de847f96489c5b13520182f76c1b969f3aa86cd34387e63c9c83f7547c41171d3917b153c241

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
696KB

MD5
e1a265a63fff363ff8e4523179e55710

SHA1
6f896067be3cd1bfb7e27bba3926232193574092

SHA256
f10940ab7b1ac38d335cda5616084701288a60a875d0224afb324f87665fa9c3

SHA512
16a60ba900c4a16a4bae2af08b1d17df51e471144f354be2153294230a71634f76819fe0893a21bdb9e92c08e8b23905fd5b7ebff0d96f44612c107be4b7b1c8

Download Submit
C:\Users\Admin\Downloads\SafeMEMZ.exe:Zone.Identifier

Filesize
658B

MD5
d4360412564af81cda57e0b7157cb30e

SHA1
3a52ab18bcf114f07c86b332cda47e1effe6da4a

SHA256
56a105b27028cd35554533a04f841d825b8ebd26c72a4d57364c1089b3e0475d

SHA512
9929826bf2f8d1a9bfd20fc1c24436713c6acb0a676645e0fc9528dfe6960fd8fa4a283cd469fb4933cc2a5c31df4ae0d73459682f70d78d4a5b088a1300a749

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 436397.crdownload

Filesize
27KB

MD5
cffe1f958643d6120ca4b41ffc8c88cb

SHA1
6f65c3011fc96dc987411be51992ce40d411c890

SHA256
e6aebf723ca843c4c97532256851fd7bc6daf9d9acbcf5fff2b2135616f1e434

SHA512
2694ea6582521849d13a1dff07b9c30d5fe29ec21031bea0f683be582f7e949c7f0065445e7943c930c7906bc13267961b85b067c39f7ed12a9f87f3de922cc6

Download Submit
memory/2228-1428-0x0000000005870000-0x0000000005880000-memory.dmp

Filesize
64KB

Download
memory/2228-1409-0x0000000005870000-0x0000000005880000-memory.dmp

Filesize
64KB

Download
memory/2228-1378-0x0000000005870000-0x0000000005880000-memory.dmp

Filesize
64KB

Download
memory/2228-1382-0x0000000005870000-0x0000000005880000-memory.dmp

Filesize
64KB

Download
memory/2228-1377-0x00000000058A0000-0x0000000005932000-memory.dmp

Filesize
584KB

Download
memory/2228-1379-0x0000000005940000-0x000000000594A000-memory.dmp

Filesize
40KB

Download
memory/2228-1374-0x0000000000DD0000-0x0000000000DDC000-memory.dmp

Filesize
48KB

Download
memory/2228-1407-0x0000000074FC0000-0x0000000075771000-memory.dmp

Filesize
7.7MB

Download
memory/2228-1375-0x0000000074FC0000-0x0000000075771000-memory.dmp

Filesize
7.7MB

Download
memory/2228-1376-0x0000000005DB0000-0x0000000006356000-memory.dmp

Filesize
5.6MB

Download
memory/2676-1471-0x0000000005070000-0x0000000005080000-memory.dmp

Filesize
64KB

Download
memory/2676-1469-0x0000000005070000-0x0000000005080000-memory.dmp

Filesize
64KB

Download
memory/2676-1468-0x0000000005070000-0x0000000005080000-memory.dmp

Filesize
64KB

Download
memory/2676-1470-0x0000000074FC0000-0x0000000075771000-memory.dmp

Filesize
7.7MB

Download
memory/2676-1477-0x0000000005070000-0x0000000005080000-memory.dmp

Filesize
64KB

Download
memory/2676-1467-0x0000000074FC0000-0x0000000075771000-memory.dmp

Filesize
7.7MB

Download
memory/4192-1408-0x0000000074FC0000-0x0000000075771000-memory.dmp

Filesize
7.7MB

Download
memory/4192-1429-0x00000000057C0000-0x00000000057D0000-memory.dmp

Filesize
64KB

Download
memory/4192-1431-0x0000000074FC0000-0x0000000075771000-memory.dmp

Filesize
7.7MB

Download
memory/4192-1432-0x00000000057C0000-0x00000000057D0000-memory.dmp

Filesize
64KB

Download
memory/4192-1447-0x00000000057C0000-0x00000000057D0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads