hxxps://cdn[.]hyperbeam[.]com/hyperbeam-next-0[.]23[.]0-x86_64[.]exe

Resubmissions

25/04/2024, 14:05

240425-rd11vabd5w 8

25/04/2024, 13:52

240425-q6nqjsbd57 8

Analysis

max time kernel
94s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25/04/2024, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.hyperbeam.com/hyperbeam-next-0.23.0-x86_64.exe

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 9 IoCs

pid	Process
868	hyperbeam-next-0.23.0-x86_64.exe
4060	Hyperbeam Next.exe
1356	Hyperbeam Next.exe
5100	Hyperbeam Next.exe
896	Hyperbeam Next.exe
2356	Hyperbeam Next.exe
4908	Hyperbeam Next.exe
240	Hyperbeam Next.exe
128	Hyperbeam Next.exe

Loads dropped DLL 12 IoCs

pid	Process
4060	Hyperbeam Next.exe
5100	Hyperbeam Next.exe
1356	Hyperbeam Next.exe
1356	Hyperbeam Next.exe
1356	Hyperbeam Next.exe
1356	Hyperbeam Next.exe
896	Hyperbeam Next.exe
1356	Hyperbeam Next.exe
2356	Hyperbeam Next.exe
4908	Hyperbeam Next.exe
240	Hyperbeam Next.exe
128	Hyperbeam Next.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\~DFC875D561ECA9B905.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF80C856F20D8E74BC.TMP	msiexec.exe
File created	C:\Windows\Installer\e57ea31.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF71C8E13AA20A6DFD.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF529A0DDA83DA18EE.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{9DB21511-88FD-42CA-AC0B-2CB98681DC1F}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIED6D.tmp	msiexec.exe
File created	C:\Windows\Installer\e57ea33.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57ea31.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000d3c83030a7acbc3d0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000d3c830300000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900d3c83030000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dd3c83030000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000d3c8303000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next\ = "URL:hyperbeam-next"	Hyperbeam Next.exe
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next\shell\open\command	Hyperbeam Next.exe
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next\shell	Hyperbeam Next.exe
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next\shell\open	Hyperbeam Next.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\hyperbeam-next\\Hyperbeam Next.exe\" \"%1\""	Hyperbeam Next.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-801765966-3955847401-2235691403-1000\{532AEB1F-638C-4E7E-B6C5-06E703E9B0AA}	Hyperbeam Next.exe
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next	Hyperbeam Next.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next\URL Protocol	Hyperbeam Next.exe

Modifies system certificate store 2 TTPs 11 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Hyperbeam Next.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Hyperbeam Next.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Hyperbeam Next.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec5290f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae474040000000100000010000000acb694a59c17e0d791529bb19706a6e420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Hyperbeam Next.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Hyperbeam Next.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 5c000000010000000400000000080000040000000100000010000000acb694a59c17e0d791529bb19706a6e4030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f19000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Hyperbeam Next.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Hyperbeam Next.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Hyperbeam Next.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	Hyperbeam Next.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Hyperbeam Next.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e4030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Hyperbeam Next.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 644245.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\hyperbeam-next-0.23.0-x86_64.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1796	msedge.exe
1796	msedge.exe
236	msedge.exe
236	msedge.exe
5108	identity_helper.exe
5108	identity_helper.exe
1656	msedge.exe
1656	msedge.exe
4596	msedge.exe
4596	msedge.exe
848	msiexec.exe
848	msiexec.exe
4924	msedge.exe
4924	msedge.exe
5040	msedge.exe
5040	msedge.exe
5916	identity_helper.exe
5916	identity_helper.exe
3776	msedge.exe
3776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3780	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3780	msiexec.exe
Token: SeSecurityPrivilege	848	msiexec.exe
Token: SeCreateTokenPrivilege	3780	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3780	msiexec.exe
Token: SeLockMemoryPrivilege	3780	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3780	msiexec.exe
Token: SeMachineAccountPrivilege	3780	msiexec.exe
Token: SeTcbPrivilege	3780	msiexec.exe
Token: SeSecurityPrivilege	3780	msiexec.exe
Token: SeTakeOwnershipPrivilege	3780	msiexec.exe
Token: SeLoadDriverPrivilege	3780	msiexec.exe
Token: SeSystemProfilePrivilege	3780	msiexec.exe
Token: SeSystemtimePrivilege	3780	msiexec.exe
Token: SeProfSingleProcessPrivilege	3780	msiexec.exe
Token: SeIncBasePriorityPrivilege	3780	msiexec.exe
Token: SeCreatePagefilePrivilege	3780	msiexec.exe
Token: SeCreatePermanentPrivilege	3780	msiexec.exe
Token: SeBackupPrivilege	3780	msiexec.exe
Token: SeRestorePrivilege	3780	msiexec.exe
Token: SeShutdownPrivilege	3780	msiexec.exe
Token: SeDebugPrivilege	3780	msiexec.exe
Token: SeAuditPrivilege	3780	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3780	msiexec.exe
Token: SeChangeNotifyPrivilege	3780	msiexec.exe
Token: SeRemoteShutdownPrivilege	3780	msiexec.exe
Token: SeUndockPrivilege	3780	msiexec.exe
Token: SeSyncAgentPrivilege	3780	msiexec.exe
Token: SeEnableDelegationPrivilege	3780	msiexec.exe
Token: SeManageVolumePrivilege	3780	msiexec.exe
Token: SeImpersonatePrivilege	3780	msiexec.exe
Token: SeCreateGlobalPrivilege	3780	msiexec.exe
Token: SeBackupPrivilege	2496	vssvc.exe
Token: SeRestorePrivilege	2496	vssvc.exe
Token: SeAuditPrivilege	2496	vssvc.exe
Token: SeBackupPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeBackupPrivilege	4848	srtasks.exe
Token: SeRestorePrivilege	4848	srtasks.exe
Token: SeSecurityPrivilege	4848	srtasks.exe
Token: SeTakeOwnershipPrivilege	4848	srtasks.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeBackupPrivilege	4848	srtasks.exe
Token: SeRestorePrivilege	4848	srtasks.exe
Token: SeSecurityPrivilege	4848	srtasks.exe
Token: SeTakeOwnershipPrivilege	4848	srtasks.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
3780	msiexec.exe
236	msedge.exe
3780	msiexec.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
4060	Hyperbeam Next.exe
4060	Hyperbeam Next.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 3232	236	msedge.exe	78
PID 236 wrote to memory of 3232	236	msedge.exe	78
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 3836	236	msedge.exe	79
PID 236 wrote to memory of 1796	236	msedge.exe	80
PID 236 wrote to memory of 1796	236	msedge.exe	80
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81
PID 236 wrote to memory of 4916	236	msedge.exe	81

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.hyperbeam.com/hyperbeam-next-0.23.0-x86_64.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe43213cb8,0x7ffe43213cc8,0x7ffe43213cd8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Users\Admin\Downloads\hyperbeam-next-0.23.0-x86_64.exe
  "C:\Users\Admin\Downloads\hyperbeam-next-0.23.0-x86_64.exe"
  2⤵
  - Executes dropped EXE
  PID:868
- - C:\Windows\SYSTEM32\msiexec.exe
    msiexec.exe /i C:\Users\Admin\AppData\Local\Temp\hyperbeam-update.msi
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:3780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:848
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4848
- C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe
  "C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious use of SendNotifyMessage
  PID:4060
- - C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe
    "C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1468 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1356
- - C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe
    "C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --mojo-platform-channel-handle=1888 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5100
- - C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe
    "C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --app-path="C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:896
- - C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe
    "C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --mojo-platform-channel-handle=3368 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2356
- - C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe
    "C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --mojo-platform-channel-handle=2768 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:4908
- - C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe
    "C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --app-path="C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3644 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:240
- - C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe
    "C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --app-path="C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3780 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:128

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2496

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004F8 0x00000000000004FC
1⤵
PID:1032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe43213cb8,0x7ffe43213cc8,0x7ffe43213cd8
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:6056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57ea32.rbs

Filesize
12KB

MD5
e818f455442ff4197434e6e9c5fcc001

SHA1
ee2323906c332eefb68ae2de2232c2629444126f

SHA256
7c936702a581710cb8bef5bdec1f24789588f91cea65109d47b6f80fdf791a60

SHA512
9f05e844191a014f3dc38ccf4968d1ba6e186e81c8e54616a846f6c5e2ee649a2709282c9c78c4333b25039e92c4c9a1eea18c3e0afb5cd33c515542117be343

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\03B6193231D6872FDA0CFE8EF2B47341_E9D4B4114707FC30CBF47828A387B70D

Filesize
727B

MD5
d0752a4be553237d2caf973dc76ade5d

SHA1
b0dad7b2c7442136aac12d1634ddec4ac432c4b1

SHA256
5a217710e5643445dbad3f56d1b48687c9e65fdfc9dd0de6c6d62e6986d34f90

SHA512
025014cf9b2f5fb8973344d8792de58c072a293849bd3b7be09324c106fa3e2fa717889da8ea5b579ab30b73ff337baf41ab616beb9ec2e2bdf3dd94a89b78b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
efc2eba5cc610f87c4e8cc2ef9f92962

SHA1
1eaab9628b7f40d03c952b6a7c01e52b084322d8

SHA256
213ab5fd8aa3e8ce44af269cf8830e774f34865b845e4d1fb959a7909ecd4c87

SHA512
25490954f1fb51de5e7008a28d5a3b9bcbed3c233c517fa20f48a34c84596714398251b8d3ae8ab700b97928b9aa220db51836c9918524cbe9858cdbd457f150

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_B60E2B15CE7688A988CAACF7F569B2DE

Filesize
727B

MD5
8a140154cc91642713e36125614245da

SHA1
38c1dace3c2b2c3e86b58acfe570e99989a01b83

SHA256
51bfea9584851d2a7c087151d98e1cda5102f795851650d65dbabbe53ccf1079

SHA512
72e03cb8819b094732768fe88bccf9e52526ea108447708360b3aeae3d1c72fcec1da22d15245784f4032fe2a6024107da9e11e1f01d78da4e5584767d607b3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\03B6193231D6872FDA0CFE8EF2B47341_E9D4B4114707FC30CBF47828A387B70D

Filesize
412B

MD5
35e1493f1d8314f10accb0329db3f418

SHA1
161f96adc2f968001b5e4c915464e706554a5f5b

SHA256
275d86a606119d60d55dc10778107abd366767668281d56a98ca7cbe5c53cc10

SHA512
ec3b3868f4dbe23d817c71436ad230af1ded7c44c5812d416b2488b0fc586cb567fa44b152e5bb24dee17cca9f3ed059578fc176fb3f80d156e84cf2798ef675

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
0a8cedbd14ddea8316c73afb22be7575

SHA1
27ab54b5a8a9cdb4b89baac9880b206b870e0f5f

SHA256
f84e9adeb6ebaa6b551598c4180ae71a991fab2dccb5d77a4ef08d7bb3390b9c

SHA512
80bfa30b4b0bb49c72eada0adcdc312952a7654ae541bdec15be136a8d583f2f19e8236809b6ff290c0926c96e1bd25f3cba81472e85d61d73a94e1dbcd47bb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_B60E2B15CE7688A988CAACF7F569B2DE

Filesize
412B

MD5
6bd33d4053a68abfd86475386b408afc

SHA1
6ec4403e261cbf8fbefd69f0c19b213df4c17737

SHA256
4eb5e5efbd9b7884f7317455c5f9352fa1c486bfe17112f6aed536e895f0b3e9

SHA512
5d4336af649b441dc125704e56227d9cab0bc66763c8cbcda512811d9bafef8e9ad9ae16d976c4b1999245d0d7c5e0a9d5ef65f1168009e5a21b45b81eb35746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54caf18c2cda579e0dad6a9fc5179562

SHA1
357d25de14903392900d034e37f5918b522e17c9

SHA256
28d77529de92eb605d8afee0e133a7d08e13d4386e5e38d63e2da34623eaad6b

SHA512
88da5a33df9d82408afb8344ec7dbaf7686435fdb55eccfb85d5560f39861e84cef5d71949d5efe7a191778e6be755a8448f3fc3d7043007037f9f5227e10210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
696ffba7b83ecf008523e96918f200d9

SHA1
970d90e22c8b3674fc33cdd1913c51ef28514255

SHA256
dc6dacd725d7385b2e4db1f488d93f2840d2289efdaaf3737849304d1ab9ba34

SHA512
f8528683b70b58376f3eba3338fa6b462c9e9248c72524573005cff6397a0556bdcc2fdc2ebb020ba8218bc8174ba552002f223a245dfe3d3688826d24d63237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c559881d10df131d96a0fbfd3b648c0f

SHA1
2239bef56f22dde31c92bcc68481e111b4371e57

SHA256
78ea9e5638d8ed0f4a19dce80e15d8a9fb296f6d9c14bcc653f05fbd290f9031

SHA512
b5997fa4c6fdb6bd5cfb5f12c55e6384abdfc5b85252ab82ce6d4a84e19e9dac78c33c135522a7b806b51357e9d1038fc49096ab1ccf44e5813f8f96c4a9abef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
dfeba6f7effb3889beafc847e2570465

SHA1
8ccff2add0e9e5b5d253155ac55e9162b2733c35

SHA256
c8553fa416876b5329f5563dc0dab562adf8d083310d0c866d27a6f50ef0c27a

SHA512
c92175210f1efa189ec50e1ee76102e5c6e90d36c76f83cfa5fa0e299a38d3396289a7c9dc747e3059ac496921cadacf353a51f0980cdc08afcea709307006f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
185B

MD5
e08e7aa7a19056a722b6de7ea6f0c27f

SHA1
6326de4ff5aa2036a32df5c10313bb313567554f

SHA256
c57234e953c801068e2f5492b281916432664a547469c21a583b36f95ef2275a

SHA512
d4bc384d1899a6f38b0f4481ab074690be8c5b5163b156a322975f62b26edb6e82396f4d368399ca42cf0a220b87e429e9c4d41aa65a36e5f220f0d21af94098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
46e60e5efcd2968ab0239254aa36b6c7

SHA1
5c2152344476c9f4aeede157b05c28015a47e365

SHA256
63f39351678a62c9f40c5bbc0ef577ba29b296e5bb473d7b0a8cbf605c3c210a

SHA512
3cd9340667764cbb15053397e0248ff5329ca7eb80ac163e9d2cea3c6027cfd10d11c66778f1d4018deada93908fd8469d7786858be6677732a651761abe9cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4af48b0f0b45930027ee6b0a32447d00

SHA1
68ccd02457526d0c562c7c2287618fac0f544519

SHA256
c561fc93a135e66df612d7cd1cccb7f67567dfd2537c7c34874478b2158a6e93

SHA512
fffcecf9c9015e66da7872b4e4220b5f1d2b7cf2b9e8fa95d14d9ff0f3c34bbb11b497786474689f828301c7e7ad24a9b67bf0999cbea6f92ec02add4d2bdf45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5cee63f40ea5f2d8bbb607182f4a37b3

SHA1
7970d3ac70d4e7ca65da4335548a48b7906ccff4

SHA256
0a43a014580b9237884da4c48e31208f953a4c2c2169bf1252a773ef996ba381

SHA512
113d528448a63d14041e92582fea5ba2cf137623a74d503e8c53d39fe60f9df3d9769c7549398b4fbaf1e0bb9074e83ac53fb4eb7d72de58e6cf22e7b8f157d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ac99054a88a20bbabaf1d9483cce5bbd

SHA1
1534b7a159010af0d63a9e02fafdb0f529c05b5c

SHA256
b25138625ac18d2cc3c4cf2b2083616769a6543f007a3fdf6571a01c32c62f24

SHA512
917e1e5c3413f9ff6bd6a503ca97c249c6962e7b44028b3f979c721092918f8e3fa2ea705de385013600fa18d934bbed529628d36d02d9567039b6c009caae9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
257448f05dcf6458b8d299b55f21c786

SHA1
3d2c4e63f99f445eb68a262647a6617a87b03584

SHA256
cc114a5dfd8141ad89dfc6814e777851857e6d76edd44bf1e05c2d9fc98d4402

SHA512
9c3b51dc6bb4738e338f5b203e2ae66346089a244a3f0e3decc07bda4d97bd9d4c265c091054a115ea48de99d435cca2cdb4d487434ce2787af2a2640a845d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
6e7d9c3041fea8da279acef61e96f963

SHA1
e2bd556b4907b23ce9c3c9cb4515a4d831b3c5c5

SHA256
90e4f6ccc01194fc6ab8a83d15acd445d655577247776b695af97606bc9734e1

SHA512
2e9157f65cda591efe0f20d3178072e06edd0c07180b609984094baec76a46db48808b4606730dc38ba42ff58d7ddbb1adf05a389e4d5a699d09ac01a6496430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
fb847cc5c717784155f26fdb3260a173

SHA1
ad3a204199fce467ff9d1cbe8dfbaf0198cef14a

SHA256
02b9a89c218e48c5eb7357076ce00ac0e5e716649c309c70ebcbf7087b9e7ba1

SHA512
8686775b8692e58e0f0c642b82c18ed57ba72faf1251b06f46081adb70bc40c30cfd154cdde7287d6590b565be1355e809a71c06f058105ccd5e7b705215f450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
83f01e9d67c1fb764d9dd99a95bfbe8f

SHA1
0bb2cef981468872805af64e9c9071410dabacce

SHA256
089a4652d3cefefa26fa6c71e1f9fb8d21b914c98a74121d6b8dca7c6513ed4c

SHA512
4d30b7d86e918bb9096dc6b45c9649c139c10cbc349aadc7e023221ff6b6dff1544f4c87535dd75ad21a8119174711efe38a5af6c7c6a78525b0e9eaa0c32534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8015e3ba9cdc6e20cef3b730759db097

SHA1
89ce61ccf0fe14ed5ea0269384e39932f6edd1bb

SHA256
d56c5bc5e239bc2dd12038b57d88d42d6564ab232f158aa5e934c97b611b6ecf

SHA512
23ab092093cfb752b6f97240f7bc82d0f6cff5e1be833fe310efa98f57965d1d4a28998fb06ca3893ae2d4b3572a20110a9f5e51516c7758ff43853d0a5bb320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
52ef6e6f850ed193eef2cb648ac1c49e

SHA1
c6e2d1ab3395f52039a14724c4ba9f3a8dd633d7

SHA256
a2dfdd51192696a9a1da4e1b9185fda8dcdd1533e498f932d94d95d21a7f54bf

SHA512
0690b7f6a64508ea215502fff0fb5e79fe398248ff9f9b78c02dc24c2a7a8c43fdb63bfb7c30e0a0d0341e2b9b1fe78564ec2d47314bc31c2f1f07de47cfc6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58990f.TMP

Filesize
3KB

MD5
0d866a4c59e0cfe4226b0b7717a399ce

SHA1
8ca5a6275f91e9b04151b46470fcf36954ad38ea

SHA256
1161a95d503ce58bd6e74a58617267644b051c7aa1e290b281d0b03ef3b6cda3

SHA512
d9fbe52d92a02d00eae87f8f5bbd407b814840bee814663b37ca4854951cba3ba7eaff0fc934a0ad97d5765b7383c849273bc867018d24cf2dff44ba3ebd6029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e4209517531229a7b9cf7e411d17113c

SHA1
16e44e5d4c2807f7b223188e540638e5dcffcca8

SHA256
3bec290be4d29aeb9b9479195831d43aae3d8f39ded07176a2b08bb0aae2b3bf

SHA512
86b4f7586f716b9070313a260b6e1a3259b61403bf3c97d0e9af790a415e0ef2200a049b9894d5e6fa0e85f6baa68714baa8daca49af58fd242425b4849deb3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4bf71622dcc7cec29e6326637d6779be

SHA1
2e3866dc7e3324c643a881126025e2d0c709186b

SHA256
8a38a9fb2ba4c036e447c82fdd69598ec8b2c3d38cb236a3290f95582daaecdd

SHA512
e61805145d774bdcbf32d64630b69b8f9c8fe7b4323f12178fab67d3ccd22fe07c37830e718094ee0daea75089e6475f6b2d9b39d8ef75a3b43196b7c600e839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
af1e8e309acbdaa7b315563533429e15

SHA1
72d7b60d3f78753e63607403a1608aa73c27d893

SHA256
369bfbc7e9b606fd765d371a51b1f5bb705a90312757223f5314a7aa61d00fca

SHA512
6996846119ab99726a4a4751c6f60bbe71a9a4ee55188c4120486c753bd5da4355274fb1a83651b15d65738f6e631cceb45576d6989651e5b7bffb455f2d5850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1eaff08fc0ad3b69e73bd0e98e6048c8

SHA1
2fe590f76401ac108048ede9308a0ac175838298

SHA256
ec1b0d8a6e7bc4cb408ddc0385608ee29ac78583a04520fa23a367ccb6f54e50

SHA512
5d0ae53810574da2d29352dc1796b632406214eadbf1ebb349cda7614d12781426ee1e0869bd13fc0ca92992b780248e6f6c69a65339305b86e8b03d7a904ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bedc8908809a79d80a58bb06ff13f2ac

SHA1
f5ea1f64cf8c911751053f3ae10e77b7c98d3db6

SHA256
b15936a4c377cc84b4c3eb2d647f32ffac6ff678faf8a2e065ae930cb22455fa

SHA512
e61d521886c2148bc48758f6fff6aa37311259fcb974455db8a209d59dc89701093a611670cba322fc4f8aaab1e8e2c1953638e474851fff67b0642f1d5d2b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe

Filesize
150.4MB

MD5
13065ae8efed20a7241407626f482523

SHA1
7f833a6d32b99af2649b242027692cd66d613c9a

SHA256
650580d7bcfdb1059017b3132f6bf96104e6b297f01021d580e6a6a2a3248553

SHA512
182b631777ec5da1d91a288aec254fd76fd21851268f90d8d495eadf2cbf74db545580011a2d47662a2a616b665cbb94176d34616f8bf7232787ece929c4d2ae

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\d3dcompiler_47.dll

Filesize
4.7MB

MD5
acd6b0203f280db8039d8d5a282d5f54

SHA1
19876e45b62dbfb7b819224a453ee315cde6c39d

SHA256
63c0753fc114761caf06aed16c470d4813a2ec278d468edcc972d0e35e01cf9b

SHA512
40a60059a28aaea49496428245ccb6f2a7b5a020d263f89cabe1aec517c46dc886d872ce9bccdf605ece144414a469d7b74edbf5529eab926469f462b4a57d3b

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\ffmpeg.dll

Filesize
2.7MB

MD5
1ce2f0b2078c2d9bd2f5ae284355f39b

SHA1
12313b090b1b7f01c808b53a35267d054ebdf743

SHA256
20346e4c06c537bc04d7f88e283435e5b5a757b4aba2b76858ba5e4bbba387f9

SHA512
5668b07fdfc43c3c4017d2ae591772f46f0ea81273236b619bbca809e979e40ddc2872f3c1ebb61bc48d6281559963002062d8435414e118f948d75fcdff746b

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\libEGL.dll

Filesize
491KB

MD5
02def381b8a017f3afd068fa2534d526

SHA1
1313d078f630afc3f22d128fd6a674d25f93d396

SHA256
fde661ec7b9a2f6ff0aa62d34f39cd8d76573cb6740bf8edc8fe59f32f983c89

SHA512
dfc486e18bb6a22bd942a7f0182e1d5fe320810b16a99eaeb5708db5ffd6dc0b12ae9c528a6efdd137a724ab018d54bf9a8dc5d9b67b7be6bef8f853c3bb1e03

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\libGLESv2.dll

Filesize
7.2MB

MD5
8df4c8d7c4876fd3f78ffbbefed8bdcb

SHA1
0d65e3e9d8d0b8a80a8fe481b5130faf924643dd

SHA256
b9e515aef3e4f29ebd133c8024bbd83503534750bf26635327f11be5b00395a9

SHA512
fac0996a61354322115476e2ffd79ffef85dbdcf33f477e06b7f865b3ceb94f6e1c6a08d8ba7141dd75725696081fa338b0ea656eefb15c41aca4cc85292436c

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\resources.pak

Filesize
5.1MB

MD5
f5ab76d2b17459b5288b6269b0925890

SHA1
75be4046f33919340014a88815f415beb454a641

SHA256
4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c

SHA512
6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\resources\app.asar

Filesize
211KB

MD5
e5dc9a5815bf5262bf967d030946e225

SHA1
74d034dd08586d0e33800ed8f40facd2596de456

SHA256
df2a5c07518f76f50443bf30dcfa3ea0cd6c512e7518f6e7709e2d8f46a29c64

SHA512
2812b79d18be202c24a6197e3aa0f5bcea363d83bb11129f7a15fb409d897b0f540c612959426a64ff7da3d84810732b0d8fcf6e4d7b7c84ea8aabc1ebbc9086

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\v8_context_snapshot.bin

Filesize
471KB

MD5
6503b392ac5c25ff020189fa38fbaecb

SHA1
50fb4f7b765ac2b0da07f3759752dbc9d6d9867b

SHA256
add78f3f85f0b173cbe917871821f74c5afe0a6562462762b181180d16df4470

SHA512
9c12fff1686845a2c0b43d35a8572f97e950f232f1ce5690fd1212f48c171edbcc5d725754f10a66599b0823ac0c995c7212e263b7e02ea0ed9f2d2b937fa760

Download Submit
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\vk_swiftshader.dll

Filesize
4.9MB

MD5
43a4e5190ab46e1cc556addc0974839a

SHA1
986785e536cbf6bca4a1bd248d1458b5074f29b9

SHA256
7ae1ff8eb4fa6916e110cc0bcad3326b5160e096e662d215a0dfc264db222b30

SHA512
7ca55fb2ec0508c17ce4b23c23c3caba7440eef65da93a216a064c107a02c025d3be703b6b84e8b45f42062a4af319768d2126d15425d80427ba69d181501306

Download Submit
C:\Users\Admin\AppData\Local\Temp\hyperbeam-update.msi

Filesize
70.8MB

MD5
8399ee32d530f4b03813835315aa134e

SHA1
e5737b899ad81cef33df49e8ec031923c6dac453

SHA256
2c297b9e458fd0cfd15d19050c510461719af268d01feccee586b80d2a1be2e4

SHA512
cd7ddd089b434b29b6d8fcb9be36fc08755c1df5a87fb7d1169d9c1e0174340a486dfffcadfb2d2ad091233408cf288233ddfdfabd6ed9f182d6df9671fd0329

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hyperbeam Next.lnk

Filesize
2KB

MD5
0c158a1b73cf1effa012250131176536

SHA1
8219e5eb9ca0a1f9421b7f724baa43bc25dff65f

SHA256
8adb76866b3de719fa37f35fbab1f03c3407e13e6ccd347818a4bda57f23c6fb

SHA512
25109159f12bf343ecb48003ac0c71c6df472e3aad2722d0864c4148836af91f9bfe921bc2c75a829897ad0af0e01da8d3356d4a62ebf2d6727fe3fc76c3af51

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hyperbeam Next.lnk~RFe57f3e5.TMP

Filesize
2KB

MD5
f6db43d4ba00e4f364360e1a1eef5003

SHA1
c1924aa41ed67914f74d8b00d48147dc5a927a5d

SHA256
559fa8b2e96eb86fd5811937096ef06f4e77553e6eb38fb233cc5c875b1c8aeb

SHA512
0f528a79e3604680b919f2b4ccaba8a9b40b6801c8e58bff9169e709139b6923149b09642d6b875b1dab32123b0f2e370bb20ef20921b3459940ffe0bef390bc

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
cfae1a7c573f972dd0d3a7f6be347cf6

SHA1
f186366d924c78dafb79604234caf0f0ba9ce45e

SHA256
11ad5a7c26d16a19658333afbfef5ff202a7a449eb80f7c8f30862cb8a921329

SHA512
89537e049f91e7ea757931d74138af895f728da4394472f7c32a1c53833fb6cd34d21a0a6e6061d70a1a4bf5fd47939bcc39fe80e554639113c1e38d7a6b9f54

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3c0e3e33c57df642d95282d9e32f217e

SHA1
756e6b4ec93f34f80e0df18d2c0e2616e75193bd

SHA256
51535dbb22f3aeaa382df3aa9f8544c9da46f2f0e5fe535328fcf4643d069ca8

SHA512
25eb9fca22b94d69e6b49ce0bfcad42e42ce4f0646fca829a3610c3c8defc1777bb99334ea0cbe79267fcb1e9b77aae6aef9f81de035fb9a098d1cbdc596d032

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Network\Network Persistent State

Filesize
908B

MD5
5361a2ac430427e393851c8080034b72

SHA1
d0b9215faa891600ddcd7e575d9c01b4f61509b9

SHA256
fa1a321be35ae7e91f06751b2eaa27892929d1b12a44750ca5f8734d5f7fcdc9

SHA512
0bf26c6665f41e9d8f7b3dffcc33d40d3a1cdda457045302b5641bbb3a6f4d5196e54367351b204dacc181dd967343951d7e281904abab6419614b0217e90a24

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Network\Network Persistent State~RFe58ccff.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Service Worker\CacheStorage\eaa184395ac3517f162fc872a7db53364ade2d5a\741b25a9-3289-4627-ab62-6c08be05a2db\index-dir\the-real-index

Filesize
336B

MD5
8a03f9a8ab1423ee9adf2a992e4589dc

SHA1
b8567ce4111fe21eae3d0f598179ed2eb1f13eef

SHA256
aee11d52fd2ff8d9a079e87edefe8951cd995214bbd351ccd85ff1554ef0b954

SHA512
a6e9f67e148bcd3d74f0e8ab8d465c78a26389b4df537348b08be2fe25ec430d3ce8057390710833b55f1a02ef2fc7edcbb17f0d8037a0914dd4d41c34f15507

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Service Worker\CacheStorage\eaa184395ac3517f162fc872a7db53364ade2d5a\741b25a9-3289-4627-ab62-6c08be05a2db\index-dir\the-real-index~RFe586378.TMP

Filesize
48B

MD5
a72f027c3974b3a3434793ce1de02ef3

SHA1
20f30af0e578bea8dd1004c51eb9ccb10cf8a8bb

SHA256
148533686d748278cb1bd6ddc7b19c55eeca86c0003db70f9340c94ab03cb05c

SHA512
0bb57efdbad8626bb283b8a8abd30a61599d43653719c61a37a5afd6c155dcd5120a4feebc4bc16f5be706a968869077c2856bff55c9a0089ba20fc25360b92e

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Service Worker\CacheStorage\eaa184395ac3517f162fc872a7db53364ade2d5a\index.txt

Filesize
169B

MD5
91c4f304d40e5d2c7106f995ce56b58d

SHA1
74de3094311789e959bb06e43d8619ac5dfbff62

SHA256
5b273eba6ffdb6fa0eb2dd83360c6b3eaf6506a28493414a66a1c0413f479ab5

SHA512
6bc4be6c7b2e4eae4ba10052d806acd55620bcec737cca5c31ed1e303dfd563f2bb43cb15d8616ae135da532ee1005ea559088932021f8dd30235c62224582c9

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Service Worker\CacheStorage\eaa184395ac3517f162fc872a7db53364ade2d5a\index.txt~RFe5863a7.TMP

Filesize
173B

MD5
32125cd277f16edb586ace9310474605

SHA1
a27c92ba900e38df2451413c6f241e24ec487ce1

SHA256
63f08e0fe056adb662c5921f5aec440238f04f882dd274ea793d738da85bd836

SHA512
26e783a2914c32b5bd2e8a7e04f63cd8886316609e0462c2f70e3035d541166307ca432ffb68a35bf6b03cd3b988967bd4ba64a168830576dbceebbc931f4734

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8c38e75b2359cc2bfb60ad4b1b9a7808

SHA1
7167dbf108a12905a3bb294607830cdac3a059d6

SHA256
c918bb44fb483d51fe284051d2823b0243d615307e7922e9a3956b2921498ab5

SHA512
a85aea8605e996c2f7433f10efd83ff33aded1363e053f10d959315f9bd8692f0f9f5ca5a853ad5ce54b75edbf861ab932f992091269519933245eee4a547d6d

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Service Worker\ScriptCache\index-dir\the-real-index~RFe585cb1.TMP

Filesize
48B

MD5
b8993f822514df5e54c7eabd9f35d077

SHA1
77e72db4357438c870aec0de65c7a1e068b10e12

SHA256
c3ef838d357442828644cdf93339ea4221792d4e0f55280298d2ee74169b31b7

SHA512
506d88a8bf2d865969386935aca791dc0e4ae598904fb6e65d975b610d3ef2523c05e9524b7fc4297d36fcad50c80b839ef1b0af13e5a9e4c44a47ec2b15946b

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Downloads\hyperbeam-next-0.23.0-x86_64.exe

Filesize
71.0MB

MD5
f20fd1faee66e13732732694bf587084

SHA1
626e20026bc30fc7dc76fb815ccbedae688a1f4f

SHA256
b48f27d6c2ee033dd1f96f3e68c94fc87782422377664bbd1c7c2dcf181e9db6

SHA512
b3dad4b3f8676651ed263a473b9baab104498a5004c412d3340e1ffc0b66405dea7a9ec7c9dc5a28e655a8467c490445b844a884a7eb12623d1aa2d308b6a6fb

Download Submit
C:\Users\Admin\Downloads\hyperbeam-next-0.23.0-x86_64.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
12.8MB

MD5
b95d8ae32925bf555acbe31a8be5a177

SHA1
d6f4a4812e8e28389dac8d65546bd38294d5598a

SHA256
f6fd980e0add1b82e93671964f9feab6a510c187092ee458444dca350badb23d

SHA512
d60909da5f638454179941d5cf04fe10dcb61e2e8c14eaa5c519a7be8fd21a9f62c7f678724beb0d06894e31a3f326b3a062ecb58b77bce9063a6186ecfbae8e

Download Submit
\??\Volume{3030c8d3-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{2865a97b-8483-4a3a-ba64-9b0cddd04454}_OnDiskSnapshotProp

Filesize
6KB

MD5
17888c12f4b55cf4b8066d62a59c5e3d

SHA1
d1128cd6c4b0f1f6952e554a667420781fbebd1b

SHA256
6b86562b2bc2797a7c22adf1345f88fe9e3cfaa7593ad5cdc3b03febdb59b0a7

SHA512
96d59113155779e3702c6a6ae92961a8dec35a57ac25f2d605b53db44c3635e0469c0633f36f7e80d37648aa59caf847b0ab6c0e5615f114cf5ca3e5aeac5cf4

Download Submit
memory/896-363-0x00007FFE52400000-0x00007FFE52401000-memory.dmp

Filesize
4KB

Download
memory/896-366-0x00007FFE50FF0000-0x00007FFE50FF1000-memory.dmp

Filesize
4KB

Download
memory/1356-302-0x00007FFE51A90000-0x00007FFE51A91000-memory.dmp

Filesize
4KB

Download