hxxps://www[.]mediafire[.]com/file/slzrt0x3j814feu/LC[.]zip/file

Analysis

max time kernel
779s
max time network
725s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
20/05/2024, 16:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/slzrt0x3j814feu/LC.zip/file

Score

10^/10

discovery spyware stealer upx

Malware Config

Signatures

Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs

description	pid	Process	procid_target
PID 6344 created 4356	6344	taskmgr.exe	200
PID 6344 created 4356	6344	taskmgr.exe	200

Downloads MZ/PE file

Executes dropped EXE 21 IoCs

pid	Process
1756	TLauncher-2.899-Installer-1.3.1.exe
6628	irsetup.exe
5844	TLauncher-2.899-Installer-1.3.1.exe
7356	irsetup.exe
4356	OperaSetup.exe
5896	OperaSetup.exe
5528	OperaSetup.exe
1988	OperaSetup.exe
1196	OperaSetup.exe
5300	Assistant_110.0.5130.23_Setup.exe_sfx.exe
5244	assistant_installer.exe
2800	assistant_installer.exe
248	TLauncher-2.899-Installer-1.3.1.exe
8012	irsetup.exe
2728	TLauncher-2.899-Installer-1.3.1.exe
4004	irsetup.exe
1352	OperaSetup.exe
7580	OperaSetup.exe
5900	OperaSetup.exe
3392	OperaSetup.exe
2152	OperaSetup.exe

Loads dropped DLL 26 IoCs

pid	Process
6628	irsetup.exe
6628	irsetup.exe
6628	irsetup.exe
7356	irsetup.exe
7356	irsetup.exe
7356	irsetup.exe
4356	OperaSetup.exe
5896	OperaSetup.exe
5528	OperaSetup.exe
1988	OperaSetup.exe
1196	OperaSetup.exe
5244	assistant_installer.exe
5244	assistant_installer.exe
2800	assistant_installer.exe
2800	assistant_installer.exe
8012	irsetup.exe
8012	irsetup.exe
8012	irsetup.exe
4004	irsetup.exe
4004	irsetup.exe
4004	irsetup.exe
1352	OperaSetup.exe
7580	OperaSetup.exe
5900	OperaSetup.exe
3392	OperaSetup.exe
2152	OperaSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002ab92-1115.dat	upx
behavioral1/memory/6628-1120-0x0000000000100000-0x00000000004E9000-memory.dmp	upx
behavioral1/memory/6628-1756-0x0000000000100000-0x00000000004E9000-memory.dmp	upx
behavioral1/memory/7356-1936-0x00000000008A0000-0x0000000000C89000-memory.dmp	upx
behavioral1/memory/7356-2554-0x00000000008A0000-0x0000000000C89000-memory.dmp	upx
behavioral1/memory/8012-3113-0x0000000000B80000-0x0000000000F69000-memory.dmp	upx
behavioral1/memory/8012-3705-0x0000000000B80000-0x0000000000F69000-memory.dmp	upx
behavioral1/memory/4004-3785-0x0000000000DA0000-0x0000000001189000-memory.dmp	upx
behavioral1/memory/4004-4362-0x0000000000DA0000-0x0000000001189000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 8 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133606965866512261"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 39 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3062789476-783164490-2318012559-1000\{4EA8DE92-3624-4998-9950-EF87553E1FCF}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "3"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 8c00310000000000b4580584110050524f4752417e310000740009000400efbec5525961b45805842e0000003f0000000000010000000000000000004a00000000000d34b500500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe

NTFS ADS 9 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe\:Zone.Identifier:$DATA	OperaSetup.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 12048.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\LC.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 685425.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe\:SmartScreen:$DATA	OperaSetup.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe\:SmartScreen:$DATA	OperaSetup.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe\:Zone.Identifier:$DATA	OperaSetup.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
3548	msedge.exe
3548	msedge.exe
2156	msedge.exe
2156	msedge.exe
5256	identity_helper.exe
5256	identity_helper.exe
3656	msedge.exe
3656	msedge.exe
1336	msedge.exe
1336	msedge.exe
7264	msedge.exe
7264	msedge.exe
7264	msedge.exe
7264	msedge.exe
7652	msedge.exe
7652	msedge.exe
6188	msedge.exe
6188	msedge.exe
6812	chrome.exe
6812	chrome.exe
6372	chrome.exe
6372	chrome.exe
6372	chrome.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe
6344	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1972	OpenWith.exe
6072	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5984	firefox.exe
Token: SeDebugPrivilege	5984	firefox.exe
Token: SeDebugPrivilege	5984	firefox.exe
Token: SeDebugPrivilege	5984	firefox.exe
Token: SeDebugPrivilege	5984	firefox.exe
Token: SeDebugPrivilege	5984	firefox.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe
Token: SeShutdownPrivilege	6812	chrome.exe
Token: SeCreatePagefilePrivilege	6812	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
5984	firefox.exe
5984	firefox.exe
5984	firefox.exe
5984	firefox.exe
5984	firefox.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe
6812	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1756	TLauncher-2.899-Installer-1.3.1.exe
6628	irsetup.exe
6628	irsetup.exe
6628	irsetup.exe
6628	irsetup.exe
6628	irsetup.exe
5984	firefox.exe
5984	firefox.exe
5984	firefox.exe
5984	firefox.exe
5844	TLauncher-2.899-Installer-1.3.1.exe
7356	irsetup.exe
7356	irsetup.exe
7356	irsetup.exe
7356	irsetup.exe
7356	irsetup.exe
6780	MiniSearchHost.exe
4356	OperaSetup.exe
248	TLauncher-2.899-Installer-1.3.1.exe
8012	irsetup.exe
8012	irsetup.exe
8012	irsetup.exe
8012	irsetup.exe
8012	irsetup.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
1972	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3548 wrote to memory of 4908	3548	msedge.exe	78
PID 3548 wrote to memory of 4908	3548	msedge.exe	78
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 3484	3548	msedge.exe	79
PID 3548 wrote to memory of 4248	3548	msedge.exe	80
PID 3548 wrote to memory of 4248	3548	msedge.exe	80
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81
PID 3548 wrote to memory of 2312	3548	msedge.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/slzrt0x3j814feu/LC.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5cae3cb8,0x7ffa5cae3cc8,0x7ffa5cae3cd8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9776 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8932 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9372 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8964 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9312 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9796 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8296 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9944 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10328 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2528 /prefetch:1
  2⤵
  PID:6388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10436 /prefetch:1
  2⤵
  PID:6396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10440 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10976 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9268 /prefetch:1
  2⤵
  PID:6664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9312 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10928 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:6824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9724 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10972 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10828 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9400 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11184 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10268 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2472 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9328 /prefetch:1
  2⤵
  PID:6728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:6700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9336 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1336
- C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe
  "C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1756
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe" "__IRCT:3" "__IRTSS:26611457" "__IRSID:S-1-5-21-3062789476-783164490-2318012559-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:6628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:7936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:1
  2⤵
  PID:8176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:6700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=9836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:7652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10292 /prefetch:1
  2⤵
  PID:2156
- C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe
  "C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5844
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe" "__IRCT:3" "__IRTSS:26611457" "__IRSID:S-1-5-21-3062789476-783164490-2318012559-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:7356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:6384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8492 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11304 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11464 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11544 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3676 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11748 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1
  2⤵
  PID:7468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:8036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9952 /prefetch:1
  2⤵
  PID:7524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8508 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6188
- C:\Users\Admin\Downloads\OperaSetup.exe
  "C:\Users\Admin\Downloads\OperaSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Modifies system certificate store
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:4356
- - C:\Users\Admin\Downloads\OperaSetup.exe
    C:\Users\Admin\Downloads\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x2dc,0x2e0,0x2e4,0x2a0,0x2e8,0x750eb288,0x750eb294,0x750eb2a0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5896
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5528
- - C:\Users\Admin\Downloads\OperaSetup.exe
    "C:\Users\Admin\Downloads\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=4356 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240520163340" --session-guid=b9db364d-5eca-4f76-964d-299d1af6c917 --server-tracking-blob="OWRhOWRjMGYxYmU2Yzg2NmY4ZjUwOTgxYTcyZjhiYWUzYThlM2JiODg3MDM3YmM0MTE4ZmFjYjliYjk3ODE5NTp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhIn0sInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9YmluZyZ1dG1fbWVkaXVtPW9zZSZ1dG1fY2FtcGFpZ249JTI4bm9uZSUyOSZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3LmJpbmcuY29tJTJGJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGZG93bmxvYWQmZGxfdG9rZW49NzY2MzkzNTgiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMSIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTYyMjI4MDUuMjE3OSIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85MC4wLjQ0MzAuMjEyIFNhZmFyaS81MzcuMzYgRWRnLzkwLjAuODE4LjY2IiwidXRtIjp7ImNhbXBhaWduIjoiKG5vbmUpIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZG93bmxvYWQiLCJtZWRpdW0iOiJvc2UiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiYmluZyJ9LCJ1dWlkIjoiNTM0M2MzMjUtNWNjOC00ZDgzLWFmZjMtYzg1YWM0NzFkZmJiIn0= " --desktopshortcut=1 --wait-for-package --initial-proc-handle=E008000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    PID:1988
  - - C:\Users\Admin\Downloads\OperaSetup.exe
      C:\Users\Admin\Downloads\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2b4,0x2fc,0x7284b288,0x7284b294,0x7284b2a0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1196
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405201633401\assistant\Assistant_110.0.5130.23_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405201633401\assistant\Assistant_110.0.5130.23_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    PID:5300
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405201633401\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405201633401\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405201633401\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405201633401\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x4d30e8,0x4d30f4,0x4d3100
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2800
- - C:\Users\Admin\Downloads\OperaSetup.exe
    "C:\Users\Admin\Downloads\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=4356 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240520163340" --session-guid=b9db364d-5eca-4f76-964d-299d1af6c917 --server-tracking-blob="OWRhOWRjMGYxYmU2Yzg2NmY4ZjUwOTgxYTcyZjhiYWUzYThlM2JiODg3MDM3YmM0MTE4ZmFjYjliYjk3ODE5NTp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhIn0sInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9YmluZyZ1dG1fbWVkaXVtPW9zZSZ1dG1fY2FtcGFpZ249JTI4bm9uZSUyOSZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3LmJpbmcuY29tJTJGJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGZG93bmxvYWQmZGxfdG9rZW49NzY2MzkzNTgiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMSIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTYyMjI4MDUuMjE3OSIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85MC4wLjQ0MzAuMjEyIFNhZmFyaS81MzcuMzYgRWRnLzkwLjAuODE4LjY2IiwidXRtIjp7ImNhbXBhaWduIjoiKG5vbmUpIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZG93bmxvYWQiLCJtZWRpdW0iOiJvc2UiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiYmluZyJ9LCJ1dWlkIjoiNTM0M2MzMjUtNWNjOC00ZDgzLWFmZjMtYzg1YWM0NzFkZmJiIn0= " --desktopshortcut=1 --wait-for-package --initial-proc-handle=B409000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    PID:3392
  - - C:\Users\Admin\Downloads\OperaSetup.exe
      C:\Users\Admin\Downloads\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2a8,0x2d8,0x7284b288,0x7284b294,0x7284b2a0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,12590218968378990243,9546555007116731217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:5320
- C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe
  "C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:248
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe" "__IRCT:3" "__IRTSS:26611457" "__IRSID:S-1-5-21-3062789476-783164490-2318012559-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:8012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C4
1⤵
PID:6816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6668
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5984.0.1843974218\1651556292" -parentBuildID 20230214051806 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9539fb7a-21e7-4595-8365-3dfe2db00886} 5984 "\\.\pipe\gecko-crash-server-pipe.5984" 1892 268bc80ed58 gpu
    3⤵
    PID:7200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5984.1.996261205\87588637" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2c13cba-9f8c-4c2a-bd6b-4eea35102615} 5984 "\\.\pipe\gecko-crash-server-pipe.5984" 2420 268afb89c58 socket
    3⤵
    - Checks processor information in registry
    PID:7484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5984.2.873546467\1225515539" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0107100-9616-4fd5-a083-b983cc3b11b9} 5984 "\\.\pipe\gecko-crash-server-pipe.5984" 2968 268bf72fe58 tab
    3⤵
    PID:4724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5984.3.2101997358\1704353294" -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 3520 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdc3c732-51ad-4f98-950e-0245d0a690aa} 5984 "\\.\pipe\gecko-crash-server-pipe.5984" 3168 268afb7ae58 tab
    3⤵
    PID:7392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5984.4.2039844466\1431984084" -childID 3 -isForBrowser -prefsHandle 1660 -prefMapHandle 5168 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fed18547-0898-4cf6-b46d-64b29cc6489f} 5984 "\\.\pipe\gecko-crash-server-pipe.5984" 1704 268bc80d558 tab
    3⤵
    PID:6644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5984.5.1382418150\865510651" -childID 4 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {039b0742-af43-4fb8-903e-72cea2c5f3f1} 5984 "\\.\pipe\gecko-crash-server-pipe.5984" 5312 268bf732858 tab
    3⤵
    PID:6680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5984.6.1674205699\1656745615" -childID 5 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90a0f0b2-6422-422a-ad6c-af8efc68141d} 5984 "\\.\pipe\gecko-crash-server-pipe.5984" 5500 268c4bcb758 tab
    3⤵
    PID:5564

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\c48ea1bdb5434e5ea982fc565a6a7e7f /t 6636 /p 6628
1⤵
PID:2720

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6780

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\05eed355fe1d413b935be0be3e229a86 /t 7352 /p 7356
1⤵
PID:5744

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\9f9be8b94204444cb03f9720a7c81a40 /t 4660 /p 8012
1⤵
PID:7016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6072
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_LC.zip\LC\natives\avutil-ttv-51.dll"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  PID:3136
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:1648
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=566D9FFD2A0DF10E042B6E95370CE783 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5980
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B0528538282BD885B18AF463C1427EA4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B0528538282BD885B18AF463C1427EA4 --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:2328
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D83CD2138F00A3BBE362D36572621C9A --mojo-platform-channel-handle=2348 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5260
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2FE860D6D74A0DDE967846CDB9B9D918 --mojo-platform-channel-handle=1912 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4664
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=54EE21600EC33AF287A21F94417612FF --mojo-platform-channel-handle=2352 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1088

C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe
"C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe"
1⤵
- Executes dropped EXE
PID:2728
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe" "__IRCT:3" "__IRTSS:26611457" "__IRSID:S-1-5-21-3062789476-783164490-2318012559-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4004

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\d53eba1b2fcf412abbce7b8dd07d9a4a /t 6844 /p 4004
1⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:6812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffa4b89ab58,0x7ffa4b89ab68,0x7ffa4b89ab78
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:2
  2⤵
  PID:6364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:1
  2⤵
  PID:7204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4444 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:7708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:7696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:7796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4720 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4976 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5036 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:1
  2⤵
  PID:7396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2460 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:7348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2792 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1820 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:7480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3396 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5616 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:1
  2⤵
  PID:7584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1832,i,15674761364658591437,15559405060818909931,131072 /prefetch:8
  2⤵
  PID:3584

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:6372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa4b89ab58,0x7ffa4b89ab68,0x7ffa4b89ab78
  2⤵
  PID:8108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:2
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:6748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1388 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:7920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:1
  2⤵
  PID:7432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:1
  2⤵
  PID:7440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3820 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:6356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:8024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4940 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:1
  2⤵
  PID:8036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4492 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3400 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:1
  2⤵
  PID:7204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3272 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4500 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3256 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:1
  2⤵
  PID:6412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3228 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3332 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2408 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4980 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:1
  2⤵
  PID:7072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4236 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:1
  2⤵
  PID:8016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2856 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:6260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1600 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:8116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5352 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:7476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3192 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:6180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3864 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1860,i,4995412712541427850,6125803270958450882,131072 /prefetch:8
  2⤵
  PID:4492

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:7928

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:5372

C:\Users\Admin\Downloads\OperaSetup.exe
"C:\Users\Admin\Downloads\OperaSetup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- NTFS ADS
PID:1352
- C:\Users\Admin\Downloads\OperaSetup.exe
  C:\Users\Admin\Downloads\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x2a8,0x298,0x2c8,0x2ac,0x2cc,0x71c8b288,0x71c8b294,0x71c8b2a0
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7580
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:7260

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:6344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d84e07c0ca4b80fecd252d16758126da

SHA1
355bd5482759aa3d36db2a1a6c2be16bbd582157

SHA256
a1673be034dfffbd8f133cdcf34180f01c8455cee52e428d9ba8c01082146cd6

SHA512
133cfeaca0f9cc7fddd9ac2dfe71c4d79e68a8932067719d3d25429e5022bb2bbe64a31ea07e7e787bcda3193a698241c9b309fbf1953b1ecd4530733c8593ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7802a65c4ce63ab80f6f2665d5e8ae30

SHA1
28ac056780cd05a072d59ffe9f332e68c8d898e9

SHA256
4a85a4ae5f94dbfd809cca5ebdac4bb7b1a3ce2bdeb95b57ea32781d7ecf5e2a

SHA512
5faa5b923de551efaea5d6020343e4cb867c51c06ba33a4adc732684d4977c35bf88cf8a5cb6f7097f3bb010dbad0654238314925002ac90e094882ce1f99e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
5feb9d0b5340c82f02e8c18ac520dc1e

SHA1
4ea2de44eb6e55e4448251aef0c8b36baea1978b

SHA256
5da80c4d28699019ede8cb6c1dd64a3443a1400fea6ef9a71dd09bf308324639

SHA512
a634ffdd9ab0776819e9e08c15e425542f2cb7f2f0f9f7409cfa4e33abe561b3c0d1f506686d0a701c9f4f9cbf1cc8160b1f7c8d2a811b80722d4338edb13cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
392889d8c5e5bec683a7fb666cb27442

SHA1
e3113e719806a521fd514c16ee9b76ad2fcf847a

SHA256
465bee1d3feb77696f48b8a25407ca5dd0100a7f17fc7eec6daf5cbfdb157e71

SHA512
94ad73993554af970265a0251da73fc543cb5bad4bbcf47558befe4f4a5612da673899f523f1bf78b8eb77a0fa4f4549f50a7c8fe82507cb8044d2e335de8d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8ee8a2e6c483b009b640cbff65de0573

SHA1
883fd35bcf017ea0e4a6d13b5fda1204d8e2f0c7

SHA256
7c9081b054e577df43ab15e6d28034a9d90893b4b6e289e37bd2fa0db4c4f110

SHA512
bb8c0df0855d91550c8b4a7a920f37f7fc22f5cde891e2c8c9a1cad20df8a5e736b15717fb26d4581c358bb469f6df043fe2baa92145b6f476f9f7a0df208bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
281aec4c013a3f2c7dc77f8b3d53fb5b

SHA1
462e0db7490d46c27d3027a9fb8e638bc361ea53

SHA256
d34588a7d4b652af21d45827f01d60ba633ebdefb07a279c5692f29a615d21bd

SHA512
5dd5df3b822225f9f5efd2044ab1d3bdea98645fe45b02aca58ea2e0ae21ab10c602b951ac2c0e309cde4d98076faa179318de29c00a23e8606f8dc0e922c978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1acf0eec-27a5-49ff-b661-37d961aef0ce.tmp

Filesize
4KB

MD5
70776e499293a0e04c5f57693e9800ed

SHA1
b94c71d55a5f6fb4ede92670904adf0528e19b80

SHA256
e318057a854322930bd9ad1486752cffa810937000a6779bf805a12c6ef1cefe

SHA512
a09082459f7ddcfe1e0e0dd167b48f9d0f4150b7b34be24c24a3a82cbcb0c45349cd32ab99f47a754749837d942cccb6c3cff20d025a9b24187923c9dd9f0217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2376a0f042ee76e1f77ecb0d887854d9

SHA1
ed6663ac84a1b59ec257959137fad7466f7f0980

SHA256
de3cc21b6a94843cca8170c5c250fcd9891f87f0e87ba46d2c1af2b844ebf273

SHA512
7faa63839a6cbd93ddd6ab2285c962ae6e9a927408e97df7b1a41037e24f5067247b6d80fdf96e3b97c53ce81e0d6e0906ce5c21bc7cc3bae54563cdc48f5e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9f99298d53bff753b98e5c9e92377b5e

SHA1
985d157a1058145484b3281125eead916fed64bd

SHA256
12ae58e5a15e1dad5043cf7cdf40a345a96686d11cdd93d0181a4c3e49eefd95

SHA512
7640152e8d575b3b07905561543a3127d579db12e0c2ee3bca60d652f18183934f71a7fad5d8b5ea529cea56fbd8555031598240af6a3bf08153e1ce82f3f909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5eea42e169428a67d6f7d9fb19644923

SHA1
3736b98671b665d7f2a174af2a7045ea15486137

SHA256
2a4ea5642b2c9d8efbaf76f6c412c027a03adbc98a053338f4c76903e8c2ab3c

SHA512
6bbaf8d381aef8b8cfdbeaff940ea851901a44b0cd3f23f2766cba10e1a5ce84e37560baa45833399a042a89f4fecdd2ae49224440ae73c5b59be9415657b035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
df2a2e70610eedcaf0bec717b1a98281

SHA1
bcc56065b2db0b36888feb17b40bcd651faaf756

SHA256
f9297f3aebb9ca31fb7e8455846c71571711e2876fbc86324034df96690de69c

SHA512
0dea8cf287e950ce014a14c39200cd28efd957e581b58ae46e65d72ef39ebefa33eb3e361bc6a163278714e3d839dcc83dfae32d0ddee703ed4de66efd699068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
3cf4cc028d296eb4558ea16fd65372a6

SHA1
f07575819a5f56241a6520dd07134bf97c5c3cf3

SHA256
b4f4859809a1802ec7070faf172e4dc8313aee180548def8ee9f4fdd79ddc7ab

SHA512
77594c8d6afecdaca89eb61adc2977d183b50df20987e7b24c548df8122e1c73376a9b6e6efdd4a5a832f6da7f0ea3276b4514e00c77b30cb6ee0b1b8b8b352c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
d615bc00d92d79f9121b04f2e41d095e

SHA1
aa6c60fb4c6e38b101a191555f3bbd84f63acc6f

SHA256
fe4d3582f11fcd5e22abbfebeac6533587596b84b6469dec6e385ed73391928f

SHA512
f968ba20f2778a903138a8f7161ad9769de31226494de260ac6100243c25e9ab09046e0e06f06ccce9934247c3ca4244e1ee07422ebed52002bb62cfd92f0566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
a141fbf715f1914a3be22b64f82f2f1c

SHA1
cc905517b285f74f63ccd7ff220a5f69e860fcb5

SHA256
03a8a2b11175a93ec21df0eac5d72f7d13d308db0009da1991fb41509120874d

SHA512
d751a9725d4154a97c9e5a7ff9ba9bc06098f814b35be0833e0d113310435a429542bb870cf0c2d31969ad164662c21718b5147a2873a3870367c409bc45e982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
ed5e154eb6a51cb53b41d2270f2bf22e

SHA1
ed859c162263a6a514c0100a0858c18af1d4cc38

SHA256
cc468c874e873c98a171b8902d15de7a3628e80abef996f4cd65325efa9e6d81

SHA512
447cf84ab21ae264190d24754778f5b5b42899eb620c465ef6146d214e4692a22b611e3cc561e51de43820451a6464de9cd3c04cffb5bdb07fa76cb6f934e579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
458d5a45443491bf2c1650967daf0ff4

SHA1
6bbe3299dc2770289383909db8055ae98fd36b27

SHA256
310302d01a87f69e57a7abe5856a4e473dcdc5701256e5b57fbdda58e8e64ac4

SHA512
ab17b7cd2bc38c1487bd0da43ef1de09505c0065654b8694dabff315589a53e89caffb358f65f933245cc4d2ff7e87678c387ead38d37732547b4e8b5de349f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
276a383237752755213149c7add1e59e

SHA1
062f2c1210636a182754feac6739d5e058e8092e

SHA256
18d4cbe604c35844e10499b258a1b1d17f27d39b5c08ba544e65b78cbcda2efb

SHA512
2158ff9da62bf312b8e7f36c490477ad2db679b2cbbb846f9f9182b3edcab4c698771a955c244a6346243ce1e055bd8f09fa08b1626261a7222c9445e3636f7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a54fb21d7a61386e29d40c0147003add

SHA1
a495168881c180a28878a45f3f011d1e9f7335ab

SHA256
1053167fdfc3e8e89e53fd923971d71ec8938f802f55251f08967022dfe2bc51

SHA512
897ba2cf29b5cf846294fe98ce21fa5a19b7ec632fd3a5bf737154e97301c204154119cda2d6e294ef2a2c1739405c246d1d3e58154a76084ffd643d439c0ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
136df99959cfe2dfa35aa1eb0574f9f2

SHA1
f7d944759f59d140b3e31c773d34a39da2529058

SHA256
92e263e72be9c80248c8d92426d2224ee1a41751143621e169352d99004dbdb0

SHA512
66d8651ab879381192f9a1871b714bf6f21a60d29a8a1ecf2b9f7e3de09b7018161b3bfd9475090c34aace6a5cddb7415d6d2766d04e620d306a9ec8008a1581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
56d750dc038737cc3f215ae997b022c0

SHA1
1145c4ed87575acf128672c649a398fdb0505f22

SHA256
06635e4c1da1eed3041617442c649316aa00ae446a0ffda99ef701fe77c5d1fb

SHA512
4bb8248d95330e09a251bc2691082159ca7cc161ed85fd8a35db56a6d4282e77b11025e5fdfc10b0cb87d58197536137ac048bba8a2c02a9b6fc52132592daf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c81022de408dc54a71a17d522c85e6b4

SHA1
262388023e44668f6f2d3d6d7995d75c3df06a07

SHA256
a010199f1ee62cf36e3d9744b8d56fedf12c534423c48100cd75c6dc1a76bbb6

SHA512
3141e816c8dea0aad1809fc72d3b4e938be7a3da1995d0b96298281f49de4ce56c67cd7332b4f378afac029ada11edd3a0bf735a7aa3dee9bbfdeaf54f3504d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a93b3d9607add9892150a71131dc6b74

SHA1
f7b16049d0fd0006d1235d84bb8cac4346e66268

SHA256
93c1410941d15f0cc129514422bf1dddf881cf4dead356ee04150f43d7558ae5

SHA512
62765d6cb667e4afbbba56a9424206f630be986468cf001673df32bfb7a65206b84beb5ed747cec630430006edf913b2682c444ddbbb43e4f96555361aae6401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d7e7caf8886572ffe86ee2aae9276f05

SHA1
adaedc46022893603fa500f08c09c47a3ab5ae53

SHA256
f19cd67baf581b1d6a632e6c65ea10e586f635341564ecc704c71f1a2d3c79d3

SHA512
7f3f765a7668816fee69fdda2678c41e9245725572a7643f89554c9e1d27e49f3e32a396028ec52dc28f138dbd8f3db5fff4eebf576411566aecc2802bad80a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5d3a77169b2a09fcf57550719207184e

SHA1
a52865de1b792adb4f3e26af6f127f5eb7416402

SHA256
615ba40d19698c048273286338f2cae2a74eb8028e1e60810323fe78e9618a31

SHA512
3bf068cbb90e3a1d61864a6234ad13a5e0febeecea52bf843ddb568ff0adf9c0e2a06148fdebb0a42e2680f71609846e62109416bbb1c2fb92b0988cd4675369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6009ae0b6092cef263568a505f66c010

SHA1
023099fbef95ef24816dfb0268d761b11aa10c2a

SHA256
37dc677ede7dad16c33e9136815d05396cb3080eca9d6ebecd07df2903650072

SHA512
693201dbe665a49e70fe7215846e00cf4bfa982526cf98f35af6bd6edb83d957d3c227539c71dc329f01dbd907f4ed926c68551d9f23a0ff8d97d7769bf64216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
51af91d37e116a56d17470dafb5dbedd

SHA1
496405bfe5b666f356f2f3e24a5aaad28db4ba60

SHA256
af23dc12b56322eb590349945605a2c57e8db6757fe46db1a12fca3b84a55039

SHA512
f267186aa4c9b2c26186f6d3ca0b87f2d08f38b389bc29ff8ea8c989c0c83685553e9dedf56ab8deda34cb80104f8beac994f8d3a6498cfc0e7422b496a06aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e8892596-cf49-4d48-93e0-7c4a962555f3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
8601e918269d20880c0dde468c015b75

SHA1
8a047e8fe9a29e08f7093c7d821873c5892899d9

SHA256
14c368db9724b7858be75aabc54bfb493908fbc7b188bdaf3063b37b480e5b6c

SHA512
2a771281f10a7b19f3ada4fc140ea43c477f315b7d04d5abd9e1943275d756969c62a57c96183d92c30f7aa18ef52f1297fe054d2ac72eebc2bb3d33df30b3d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
49054344c08c59ef5ce4ef19ba0ba7d1

SHA1
0df825532217c9ff8b118192494db2f550fb8204

SHA256
31ab03fb76a68136c842095dd2581a6d36012985ad6bea9c5dd9f494725ed630

SHA512
0af54781660dddba51fd8bcb2f2b52cc5ad2fdc14907bd948c6213f138f5da18dbf2b7ead94744b623aa9d54e8ff4a523352e24fdde63e1e117d99e71887a05b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
134KB

MD5
16f332e786e6dad0ff433200c3dcc52d

SHA1
52390d7e8ea18dc58d1d920ceb4fe27374d0f2ff

SHA256
6df29b7ee66783d3d96d4a8a2d65f7f32460613c2fb9192a4131b780fd7a28d5

SHA512
40dac9ae4a788e7f26d7dc5e758982e28d9ae358abde1eadf2f320d4d76a3e3859e93d8d89f5b25cf713881cf6f4023484296943497014cf7833fa2f964ad094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
d04a51c91773cc4e78e9a3fde82f31e6

SHA1
060c8e7a1059b8b2e78bd5a47aa51d6d65d4810c

SHA256
ae7a2a5df3e65f80f169b0029fef999adc2e73610259bce50300a39c1b1a5dae

SHA512
8a8c4eb717a69228a9556909c15f11ef325edd55ce4df93f0a7a9ed1f0a45522c569a9a696275870cb62b6fee41feafdfaf36f2da5c45a94c3a5b8763fe84887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
134KB

MD5
eaf369a666b92db3e2ce36640665d6ac

SHA1
a8b4430ce239c1cb81708799cac05b035068803f

SHA256
e1466d331036ee2d118fa3673b9454ec39a9fa7f69a4ec9c2c4ab83e46c05417

SHA512
8cf0f89b298569e18e7a762ea7079c3d4609eabb855bcc886bf237319726fb0623b995d6f5a381e191b75980c9dd2a7b3b1c7a843085f866b283daedb77d866e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
134KB

MD5
1a6cd1291effa8ca00c64803f8123438

SHA1
5e0ed0eabd8b36be58e411a30c80cedca5926182

SHA256
28c23875e9f293430effe669e01532a5c10c8e42b09368137a6c12c34e3c4863

SHA512
e226c1a6cfec803ee40347b88b72575e8ecff94f822a351fba5d63dc5ad96c114c814288b4b4f6b20a30c6b364b2561aacf14bcd18d79eada681cbf1523ce95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
134KB

MD5
3a9abdfb9a0f995fa749457579dd4d32

SHA1
64d8cbe715ee4614291dc862ecedfa641f9c16c8

SHA256
d09f6ff9a19421ad2cd91b70f420e6bb566352a3466a1cf76abbf8c5718eea79

SHA512
25b72c235ff301555e283ebf6b209cbc74c676253b748676820d3fd7b13dbd73cbe4040e7cdfb2efc57aeae0961c2639d944c529bce3b01fda929b93d3ff2e5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
fbf0179b5ed3eb2bfa643d4a75f7365f

SHA1
2021306b5ee032e2cd8a081f3c5ac810c9e525f5

SHA256
908292d33265cfc2980e4d06193237575503e49031aacddfe5b6a2662bda3dfe

SHA512
9c51362b8ea3a45336792d3372f8e6ec0394d74e33babe981b9db0a345fa972ad14887258abf7aebbedd986e73d0180d359c2de0536cbb95df13ae2d0e08ef5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
87KB

MD5
4ddd48706096a5cd9d9e61e627125090

SHA1
e5e558bd0cc4f2360d6172c320723f5ae5e06c1f

SHA256
ee93cd9479bb08f3233df7cf47f5a937feb03ee3ad7a0dab0c8125518e25e19e

SHA512
e7c8359914bcb8353f16d8ec647576cd4329c8b51573a46fd543baffe55a73e41efd057fb3c04d935d7e9edea832fb77edc987f84e7c1f576e44222bd4208d3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
ede0bf217c867030fd2e4359f5ec5458

SHA1
ad1aa902ffe4160e04b2d50da96828877feaaaea

SHA256
fa7b8fed42afa6c104a6cae36fc5ec7996c7e90de853b6c06a8d0b3b84aa7ab4

SHA512
236c259a30d5251347af7cca6da5500dd81797f74df5d08d54f786b6307a1958464d5ed88cde17f46d74179180cecf2854bcc5ee0e9dcc568434446922057eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
a189a49ebe0ac80f8ebe8973586df7e4

SHA1
1f629b982a43dc51f3f4762a89908887775851b7

SHA256
67e89cedd75c184e9edc9447a3d853a1f410ca60a3f695d4d3fd60b161f3568a

SHA512
dfaf87eb452ed59744103a331ba014853159cecca83af23529e1afe528e3cb17f241e11adae5296a1f58e383ada7c9a505e9386466bce90beaff1093e2d72561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
33416eb192e3f4009c18358382a96fbf

SHA1
ffd46261b09f58a5e1cf3b83691ceed492503866

SHA256
4a00e978fadb3628381079ea66164ab719997a294419e38f33717abf2c2a4f99

SHA512
10e16f39f6825ed5bc79642980416d3250ba5f6a47f8c3d2feffede0d5e3e7e7a53986812a78f326a4a5b154cf8ca1747e57a2179a5e93c907804a1f4630c006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5e12ab.TMP

Filesize
84KB

MD5
d2563be6ad8ff2641e83c336e5939187

SHA1
0859ee62ef655c6d4edb644bd6c8863e253d3a06

SHA256
63b41a145ff410504acdb0c3506335bc8e177b1447fb2b359d64fc4b2bcd72bb

SHA512
ca92ab37d09c03f138d3a36ae2eef0fcdc5a88b11573c151407d7d315816dd0f26201dd93679f3ef767d4266ea8a69b7cb6776793e19acaf4767e516e81e090e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de47c3995ae35661b0c60c1f1d30f0ab

SHA1
6634569b803dc681dc068de3a3794053fa68c0ca

SHA256
4d063bb78bd4fa86cee3d393dd31a08cab05e3539d31ca9f0a294df754cd00c7

SHA512
852a9580564fd4c53a9982ddf36a5679dbdce55d445b979001b4d97d60a9a688e532821403322c88acc42f6b7fa9cc5e964a79cbe142a96cbe0f5612fe1d61cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
704d4cabea796e63d81497ab24b05379

SHA1
b4d01216a6985559bd4b6d193ed1ec0f93b15ff8

SHA256
3db2f8ac0fb3889fcf383209199e35ac8380cf1b78714fc5900df247ba324d26

SHA512
0f4803b7b7396a29d43d40f971701fd1af12d82f559dcfd25e0ca9cc8868a182acba7b28987142c1f003efd7dd22e474ac4c8f01fe73725b3618a7bf3e77801d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7840bd64-ad2f-4cd0-ba9c-d274d58eee8b.tmp

Filesize
3KB

MD5
01feda48bd12978f9ba065cccb0670cd

SHA1
f6a5abb71bd3a86642c45afbccee4102be2f95e3

SHA256
86f4fe692a935a2c4621b99ecf759d36dafebfedfe7c4f87c86d3f068d787e2a

SHA512
886154c3b90a401bd5a975083dfc45bedf4c7489330cf0dcfd7068be8df2b29257dd683926709555868427d24e28a26e39a3d9217809f32fb80ba27b5d5c8d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
39KB

MD5
395699fc7fc3283d3bade75dbffa446e

SHA1
c9474c5a587fbd3a25c0992f1dfe7946e3b7abba

SHA256
a184c8951b524d5a22d7bca69a0d775523e8c095d158f80ac4415d87d17acd1c

SHA512
70749ca5fc0cc5b9b85d13ecde89ffffbc1af7b36a650be842ff303b0ed0ef49e8d9f3edb91324d42462446b882b2558abff235f42e300226e491432196ba8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
1.2MB

MD5
153d9573f0f824b040ac13793d95e406

SHA1
f8a73c205962012c4fa5b93ccbc77d7b1be3b5d8

SHA256
c70c12b65715e837682baf0eea8ff99a7531d9036b0b5a9d640def85df92d016

SHA512
5e0f64f8d333be4fff5b869952fe18f3189d6af97bfce10aad8acae96153b790108351083f1b80c40d76cebdca35e5d7e0f3371c588a02c74e6ea0055a3d2b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
29KB

MD5
39f027118839eac1d4bff31594ed9567

SHA1
fc5ec56a867ed71a1047088f0f19d01597e7ceb1

SHA256
1efd03bdf9cd26e0e8206e61b503505c7829bf2df4bbd17d722de8f2401099ca

SHA512
b8ac214056dc08ea4faa5d9e41489e1ca27e4e5b98ba242b71bfe286ece523507f627e532b95fd7437468c63ad935c6d1e25f448e03aeaa285bd86ddf9b72515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
16KB

MD5
7833c1f0531a31d15c336f1cde00ab4d

SHA1
7c2c37561a2f31cbecffcbc52dc72831c137daf1

SHA256
bb3f89823dc4ece6214528d728893b7a0e18231ea498c9aeeae44641eeccc86b

SHA512
3a68f53bc867c41b778cbe6015d3e79956bd0fda357b2a826a0a70cccc7eaf18563a75617a9f3720069743fd0b35faa9327f0834c35e304334823cc4129c0b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
132KB

MD5
72a0d6ef44a69f3d95d60e43244d1cd9

SHA1
ae0a6e2f9fd60d8b0959d7dc4981f50d8381510b

SHA256
d37767153dc1f17765abd6b4751eea0ef8a33337a67c25aeb9548393ab581595

SHA512
cd0355f4b7f477b6e5ea354d9b21dc89d433bad7ca7b6e08d3bd1fbe6220aa2546bd9da02f904f5162e27a121103a42f71aacc55c9f4d65afeda5a8148a78569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
19KB

MD5
1d05cc62583a7db7139e30dc7a7c24f8

SHA1
001c2cb08fc747cde1028a45b75e462ab333ea08

SHA256
35d0d6598bbfd4722ba330d6d957829de05c18706b4ea9443402298720beb854

SHA512
f4ebf61f3a49256e0a1c50e88d940d75891b54a6766d68346550d0fc04d65c63bc6224db35bc150a108d6dec981cc9b292aa90d7c339ff523e7d3a7f90b3d986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
20KB

MD5
d8d9e660646c687fa5a294171aa65cf0

SHA1
60fc6e0281561140b277951410e6435b1abe2f94

SHA256
5bfbbf8d5800ef137b20539189d36c001189345d32b729a713bf4ecc2a55a331

SHA512
696701063968c133730da76023000c37e081f24e1453a8084cd2208ac8c44a9f58ba6febd0c7e6227bbbff0d44d35576994dcde884696b7cb2e71a09e3155b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
20KB

MD5
5c1f7ba8bf997661506be777bca878aa

SHA1
d3950b53e1c0450c6b2879f077750509a967fbaa

SHA256
5ae8642387758560f88b4b5af22538cf8543616afe92a309deefd4519b6d0026

SHA512
75bb7dfc0f765848c4e8c2e47482e301c38fca691ae8645cf1f0b15333a2735a610baa68aa6bd4bbaf8ccf6b1a91fbc521f25df5be8e50a330b6fb49fc11db50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
103KB

MD5
144854e84da83ffea974a51dc947756b

SHA1
50ad7fa26be4433392808f4e3f0f79ffc273cd78

SHA256
8c008eb45d08a7cdb74767dc72e2e47dd33264487749dfcac472f8d9e1311c12

SHA512
515d5343fd3da1fe397d6722bd6b1ef8fb5a971ba8f7ba351e5c022883f3f4a9b145c70e0e7c54e5b424047adaee997095667df62464781a9f684e74d752db11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
93KB

MD5
4158a526746f281c8c55c8f73b3dea33

SHA1
e7df838bcf2cf306d2271f58d2e44137f72c2c4b

SHA256
f88aef59d9ef34a89f0de40cf0336d97f814029412036886b4d3822ef8672557

SHA512
01a4f272ca73331f1418acb22cbf03b14dffe044be4d80063be1f208511bce3e8bf02f9c8b0ca434019d8c4c9342065fcc78d04fe6c1208bfcc3065ba9b4fa6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
17KB

MD5
19c73397068ded824edd2c5b13d0a9da

SHA1
7f0f149b66309aaba41974d524ca69390a34e4f2

SHA256
8c93e33fb098c30a82d774c6a9db9aa92ea0e34586e907ed7d9d2935582c6100

SHA512
8795cd26570fe65181d49676dd9cc9a8012bc22c3e505ac8ed8c1bea68ac7db7f77d6bade360a403a8d79cc4126ac18c2c10e3b83a163e3b42f2e3f60c32426e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
141KB

MD5
e37ff0d4416a8481f3aeb89420492e16

SHA1
06f80ba46de90e82bcf70554085c4a0fd3ae7e3f

SHA256
b1557195bd8756b03e934fd9c844925fab35abc621688ca41cdd9040d5cf1d1d

SHA512
bb5cb5261d2aebed208b70e192cfdd792159d483344e2cb6291d06888c6aee9a69e85ee89f1e77751df771fc5c02106e1cd4649252082d3c0def5fb55850c1dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
80KB

MD5
8d1fd5c2b0d1b6fec9525a056a84add1

SHA1
1668751c5612fea73365b35943a11f111a0b9fd8

SHA256
96c1964ca86c79890732404099ee6048b79bbb60aebce67e6cdcddf166244707

SHA512
89aac0cf4e487a5ed764b0e3320f5b8da01cbfd6d27c623920dd3d853428f13d422e5cecdb0554a34732a48d2a3ae6a804752c9cf1414343bf50d1e499dc3e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
145KB

MD5
819b5625c4e5692f44a3980e8355e4e2

SHA1
d15b91bdef9096dbfb51bc8b26ece392d227db05

SHA256
2766b7c20bc5307d3fbdc9ef0f02c647d19290bf9d94f6fe32f7eab76ee5fbc4

SHA512
c2a579d7188e9a5073ccf373d4f55ba91df0b3e095b125da49081e2f2e624069e52f225b22cc8994b60e1de9519e875a91f0685a4076ffc6e7f7297017b2a761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
17KB

MD5
986755864903c92155826a7cbd4bafe4

SHA1
336ea6987616b58e5380517ba79917b39f3ab58e

SHA256
5d630dc3b58bc756824c2dd8ed452b90fe32ae59c2428387d756a15e90da3aa4

SHA512
cfaecb02d5531f0f2edeeb2ed42895deaf60f1d4a30f9bb2f856600c20e10979ae82172cd7e4c40230f5248a8d83c05bf59846bfeabb8cee0465e752c29555cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
47KB

MD5
ec967e4d4d9a276a1983e26c62291b09

SHA1
3a2434907b0c539309f2f46271be1af8bd959bae

SHA256
8aec30fe4c9b9a49dc74309fcd74a899e2d1a5981ac2b3f85af41de124692a6b

SHA512
84bf01f14259b8912a2d8c6166545e9775c9697781219341e981fa4a5fab7cb631529c0a42f66871029f3b877e13407d2bb389d99e9c843de7840904f634df56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
80KB

MD5
87e22a64675b75658b57cd1339102568

SHA1
a3021f1fb6261e91abd825793f43244b2b09502d

SHA256
c9cd0d9481db2ecc95cf8c7452ea811b8bcd90ec710c47708fef4a72b2b5d3f6

SHA512
e46d1ba9bbd093d4af10d3a2d0646d7c7a5b488822aa871ac7698901364849eb36091d598efe0b883b15cdd5625199d6a04ede83a7809c0b3df7702575bfdeb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
66KB

MD5
a3ec0c92a7805c4ed12307e995ecb1da

SHA1
c6b0e6c37a34f089c463d107f3114196bf39e352

SHA256
2e6eb97d605ade95536e9cc383075ea9e8966177a3b4ce95fe2ccc2f42a1d15c

SHA512
89e7103dca5ff8505fe236bd6795e1f21823ab6d86b49a56fd52afe0fbf6413791633fac044a7cab62764c1d9bde81d10ab3f6134c083edf9680195e1e92117d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
26KB

MD5
26088c06661d1fb4a002e2609404851b

SHA1
31293824e0579bc790426930cf73e9a0c71c0aa8

SHA256
8e9b4a4680b498db825ef610e4e7c68bf3dbfe95383031c7531f1e6dbad454a8

SHA512
3527d553940a6c91b5cef149df40bd5537e46d16442b5bce1e593e743014d3f25250ca8008d912b87b41745006e03e1c942be94a1590b36c1db72bd8ba23e12c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
83KB

MD5
92836cc538905888b2e871bea4e6f94f

SHA1
c8e5e01138bb0f3ecd12b34ed53f287bff75e930

SHA256
784fce7867fcb82601a868d8d1620d08078a8ac1d6003f2b0c252ae84060fb41

SHA512
2b83c562e32ec6c1325525521f58862cab9f8ce204804db785ba511e4aa447029f9f28c11dbe4c3e3fa0a16686d334ed97db3575e1d08799a1f8ebd9e2e2d7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
94KB

MD5
7ac69e71398e726d906b5ed9e9e16812

SHA1
c410a101f0b7f3098875b666767a0663a53570ff

SHA256
3c6bc181d8ecfdee3f41020b7246b54243c12562f2f119d3efd18e6cbf06a2ae

SHA512
4a6e09c25ef234a0ca0379505b04541ccbddfe6ad2e90425921c8d1b6a512fb74aec0e29eb9323cd188d256ac5a516572b392e1e1fb03e0bae2a9ba3789c095b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
19KB

MD5
23b27116b3c4831452570f751338a118

SHA1
7d554a38e31099d02daafad046e94fc1adccedfc

SHA256
c55c717441910dabc60477e7cc7c912c593b992a88fdb173fa8308735b07a69a

SHA512
ecd101f01cde501c64d961d050686245672426afb50ab00cb35e9462615477a267568cd3310fc7e5dbb39e345d0a30cb3b532ff2e0600b08a2851fcdbac13828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
64KB

MD5
0303bf17ab505ef511c499c69433cb70

SHA1
ef24d4276a7142dc8cb220e32c841bc2a592b11d

SHA256
96226743d42d49160cd5b450874a2d556c0f2aca866e9090b4f5605a515a4a1f

SHA512
e208862e2500e3a7bfc91533ca5bd48e62f0d5d1a4478cc6c23e4ff2ad6642443c6edf0a0ace839d2730cc418ff7db0dcdcfbde74785b4dcec750e3046002ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
54KB

MD5
2e450436c615bd552d2f70245c66259f

SHA1
1063533e8c7da37302a7998f26020cbf32d22d7a

SHA256
905d3e553e4422c5222b8c1280ae28aa047aabb4c71fd4cf8b8517c45e87e9bf

SHA512
c9db525c1a5a3d848aba5306a4b5feb50f0dc284a09e4c55ec2abe9a1a2be30a428ec5bd14101b05e465142597059f002f4ce23885677305706199c30a7562ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
62KB

MD5
c610514e5756020cfb3c727b77b2c83e

SHA1
4083cc96db7af4deac95b32329baa78b7a584f49

SHA256
0148f8f91e2ef35d38ba66c9e01f3deeab27bfedcddc77cd782908c401ac9ca8

SHA512
039625607b59612a9eefa3bd00a07be62cb531aa201d1413da190ecc9ff33e35a8c7a4d095615dc3d08856de1c0ff6c4e080bee8b7ca53174f78d349a2fc6572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
1024KB

MD5
5c5e794c1dd227f715c31d839778bb0f

SHA1
9af9df0957815bd11007184b940c2d0ac8dc933c

SHA256
8ddd3fb6896c550c5f1f23b0b260dc9e25ad51e8eefd53d4edd45cc4cdb7319e

SHA512
0343bfbc478448b0e4bd924168f7005bec9cd65ef9e22e97b38e97bdfa2598ca6756049483f6eb0ccff6c8727712c987c659e79c6616611eb81475ada60d8cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a29dee33ab7a1a0_0

Filesize
400KB

MD5
67775ae07e39acc4f1361eecabee5f67

SHA1
15d9bec45ef2f02a5bef5d6580c703f023f5f31a

SHA256
c6a2740ec70bda896b4f3160c5c87d30352ddd6f7be6d3e24a30c8c8a6408595

SHA512
090c97e22b5f3a1a4339118b8281916d50fd96ce3912f4ea4fd12075f1fe189ad90bd6c1ad09d7e8c1c5370f51373f436db89fe25c7bfd6048a3fe5c8a6e5906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

Filesize
23KB

MD5
cbedea5cb26037ba0c20f155142a006e

SHA1
b579b5ed74ea2a9ed732decc6100ed2d3cfdb32a

SHA256
871226d589af0f889e32b4162f1752eb12312cab439f40dda3cd71cd1856a558

SHA512
9e0ab254969010143269beae9d8ac82f9e75db2ee1d7db41a431aa913409c95d57bf8e21467e5b30694a8883f1885e942505519a5f236dbdb8889a2e6c548886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7c59c23a6c74a46b_0

Filesize
33KB

MD5
6ed5c08b949edb970378f95f7dfe884b

SHA1
8aaaaad0014af56d146ca38407ce22497dc33f8e

SHA256
3b8a18f12e3faef8abc527b8467079fba8656106b7c89e6439bc149ae517843b

SHA512
156c12dedcce5e75df16fb4de3b3863edda5e78311b9c9c252aaf7a22a3d018b3736dfabdaa11e7cb83bf4859579f824e235a499c3c65c6b29f3fdde9804faa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\89a1a345f94c277d_0

Filesize
3KB

MD5
0f804bbdc5cf6f31435e69b9fe34ef53

SHA1
e21156f8956956d9ea45589e2824bd9ab422d783

SHA256
b8f238917e621d22997d06330d750140c19b7cb848b8786275369daaa32504f7

SHA512
a1faefbc81cc1de994bf1e4da83f548f00c33f0c374a6bc68e2aecdcde47750eb16c0a845da0985d1417e6223d93d4b6770f2241dde43051287115aef3c47290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d782f305bb50c377_0

Filesize
300B

MD5
a1996515ab8aac61b061dcaf9fc87aad

SHA1
d603b97f69000613271514d6caff8977300da0a5

SHA256
c1901af530a201d0416398545fb3ada4cb56b38786fe1ea9a02019c64f8de2cb

SHA512
0a4176e97f70c37264d1e2555c8dfda68500d2207fd4c013fe057b43503606e987d28434f9b5ce75eb7b0129c4365ac59243298b2b89f01705f1277db1c17294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
903b0a17261529d3ed21055f0731d1c3

SHA1
3b7a1b38e3fa3b894dfad5e5047e47cfa9490a73

SHA256
52ff794d2d2ecc906d2103c4cd7bdf78038aee02d3410f94f81997e9507a2f3e

SHA512
88c4c68054c7d971ac92d74ef5a58042320651f41ba16037a98ae85ef10d2d5274512f34c17e3706f26939b9bd9981f03c68bd5104cb81496566545668d936d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
412e23cbc4936bafe70d6122de2cc071

SHA1
c222214c82ecc07a8642bf465228c2b5520813aa

SHA256
e18d2bbc1ac78eee5db4d0181d3099088afa4d97555d3cb5097d21a4e8ae2738

SHA512
3532373b9dfc69bff243e0e7eb990904d7ad52ccd04a4570fbfcfeb45e8c1dc5208d0e91b5b3f8d1bcea6c98e6091e9d3ad118251f8f4eafe19b9aeef73548cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b217c221819f29172fa6c160985838e8

SHA1
e8f4df412fbed171ddf30bd1acff9989a2ef9b43

SHA256
c79968eb074bf3ee2ea90c5e7ad397d8287c5bc808aa944250de75e29e2e6a45

SHA512
2d2e06b81f6f73bb625c5c1212dd932b5a41ccfe2b42db927616dbafc513a0bd5e07924369fa2726c070ba8d84fcd59a89ebeafd99374d331ccb9dfeaed0eb0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
4fcc381edbacd3ad24651d4c1e1d54c3

SHA1
49042c95b061b9ff6f494f6f81e77d3019a5697f

SHA256
9f5ea391e0631481ac4a2eb217984eeff665875ef0fe5021062b46859d4b9087

SHA512
42eb29c2c113866b50bfbce8c5210b87e7af779c19fb2e63055e9a5b9b76d774c10b85994136cadb5be0afde579e11dfbe9d380a4c2ba6fee5a016d3e749e3d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
285b270d8d5a4a1da070ae1d214116a0

SHA1
4e7b05f259f661f6d799dbec3f1478af34d92371

SHA256
607f7c39927f0c2458a597846d1bca3a3430ae5c143bf42db4f1614ab9978b3c

SHA512
34592a38fda7373f1780a42b4939f6e603f1707080dd37cd490c77c0792c5984fa91684284700ab099d30abaa8b91030e43d0c15368138dbad70a6f25cdedcdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
7350a16e997241fdabcb30d75209a271

SHA1
bf5f6477ddb614d68d893c74d819202c6a930cf5

SHA256
d017a98d9647d97f62f9ccf4ceca5cab2a1145160f9e4d2000305004f6dcf4c5

SHA512
a8e4f10ce86965fafd825bd394667cc09cae5e4ad5f8cd34afcf65499157c03258a18d64ca0dfed907daf404296498c61f85321d9b65475292b75e85ab1078ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d508256f983b35396df4ad65bf419527

SHA1
363acbbf65567c3510b85ba8c8e672cc1f36c795

SHA256
cb42501fca765d37cec41256cde85af0917022e1727c9f1ab5ba7c339699fd8e

SHA512
b194bff7c66e150dee92e49123a2a00dae222f0d02e629325ba8c70f08734b29e538de8c7b3c4929e1028310bf6a0a2bd77f0bad221edfe604f3f85f8e74ae52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
47f97acc9b5371d224f8061d02954a5c

SHA1
c8831359f46fdb87b5aa3baa6b8fa25743936a36

SHA256
d954278a910da6d8ae4a83a54dcbc40a5f0c47e1fbcf3003998b9b3a881d761c

SHA512
86346deb6a1ac5c5fc3e006cef8a4304cc80ebf18d4f5440d6e9c5e784d23d621deb1165850c3d57035bd69875df2dff95dc27402f93c731ebc9fde929c1acf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
1c864efc870968fd8da1757d2c21acb8

SHA1
be0c3e798f4890331030f1e8306f9014ef0bc24b

SHA256
f14248186b169b2af239b9cad12a45bb8c4c1fafdd40c1665cf8a170744f5daf

SHA512
8da9061abf43cf35ca793c2460512d11668520ce147cf683c370773615350b9a70cec6c5144571fd5f9a03f644a5d30c235a94e5993d940203b55ad25073e395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
642dfca95f02657160af0d2f6c595f1f

SHA1
b54ada8531a6a3ea08b53f6bdbad1b2a072b2c0a

SHA256
a99577ffb790c1604daaf73867562588af441fd1b436b0a7059f56f59ab469b3

SHA512
bd425d606897a3d624febdcabae4ec1285c675859a1ddc7fb4d3cfad6565268c2cf147f93d3c5bab7dff7de3a2beac1388d06dc6cb580da841a26bdc8b046045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
bf2cf3504525065491172144a8094c5e

SHA1
b2a711be0315e09ebe120a8b992bd459955c2953

SHA256
499b6cfa3b13cf7b43050e9712c4937a6a72309adeed931ec6e53918e808fb70

SHA512
9afa36b77f9730d11a857932c06b641c6992065a304dab48d6fbad499b7e0b7a51bdbeb1e0829493285aba6c9f7316f5150d0df3f07d70a46263bceee67e4784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
4407d8e90192717d06ba9451bcb87e11

SHA1
bc754a1e0592d5085f6927f467d3040c83080c1e

SHA256
80425d23980de6269a41e0ca4279028031eb5ad7479672d2789d914a5ad19f1c

SHA512
335d67fe9c15b20ec5676e6d60e916e2e4d13f4e7e758d07239e6311289170f45153fb83182b9ee72c0e9b46e1c80ba110489319267250e4be2e9cb3206b65fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
d3c27bd59758aa2ff0ef9f698f1972fa

SHA1
1641c6831c49f1b211c8fcf92c9ba34c420a30c4

SHA256
2cc1c55fe884c7e28ada43be1ef7c0a7ae921885288b46cea65c94aac3e10701

SHA512
50d51e002eb35ee377f06c2fdc4e4311a5236a963955afbf2396d31baa1f1e9d6589b187563802574fff2cb6193e5ec021661c41914a965e4e4a57b19ed1788d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
f0e09229ac5bf3a3624636e1f848a68a

SHA1
73783019e3f0864c1c184b42efbcea37a8b2e90a

SHA256
0d496042c62b2864e8851e4c89e5e4c214e6baba79cc4bba427f79f934901748

SHA512
309eefe8913f9894ea6c33021a4d04e1e32e62ffe1a95846c06d4843003b2a4655ecb951ed770e5a08480cf6d50d744cb90e1e91f28967dc6281438bbb7d8e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
0d9c5510e6d632a79b332bcaa665be62

SHA1
dfbd3eadf952b46b7f58fef25ea45c6bdc444abf

SHA256
6938bae523a978ac0ce756aa33fe8f70fec72b8ce1ef2e3a02cda2a759ce0408

SHA512
b2288dfac4814f32dd0143f13f3f9c009dd3c0c30bb95978fb3ee2cee846501b97172cf1911457ba774f73f51510cb85a0735c78f4022863ed496e1740eb02a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
641fc8dc3ab27133ce39d0ff1b459717

SHA1
23769328d8a852da5b1309d8232f8e7c31cdd462

SHA256
15e707359542962426ddf6623801c925f7ea3a4c0502847e97fbd89bc83cf723

SHA512
c779baf58b972999e5ec2eae5a0ad97fb7caab88d8b2281cadab773721481748037ae87f1c76e2d421a0dee2c6e9c25882691ad7f462c55d966bc1615da2bc53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
b7a93dca6897e2e9c7090e3958f3a6dc

SHA1
c22993b2101fbe62f4904ff6d392f652608609c7

SHA256
7e2b642e5730328c40248b35cc6494c22cd3f2fbf2f504e1c6c721b7b4a85332

SHA512
be9822c802571c5e901579b1eaca7fcd503d21be42ec8f3cad4d9c19b8f43f28bd16a2afed4ec76c62f08512c71cd2f4b8890b4703a112974b8993d18014112d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
938f7404b6e1a98e45d401a4b6f6adb0

SHA1
447c9f12051c97140a9871b534df3e3234ebe5de

SHA256
d8156e10c5fab7fe2689156dfeafaf3ff7d9fdb63527f20513d615672dca730b

SHA512
5469431a21da0be38bb7dc5f7583b82f5690383815f5847ec0e0719cde27c863c45c580cc352879f54cf985cc610cb1879eeaf95836ab27998a8f500f9a22344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b0c24c85fbca43500d95037ee817b520

SHA1
71f1926029061c235d2137c39c13a4719541f3fb

SHA256
c122e5f338f30646b4e78e661c5f6b77b16bfef7999c8a3e1ba4d46f64c9e79f

SHA512
ad9ff0fc18d87c71e3ca9455fd8b3e43d3e352da3f63881999625609aa2be9124a21d754c18cb85257b20c9be4c5153d48a0a4814f4188f5563825ce9169a4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
7f364cf662076e5b24841d7b96ad71f5

SHA1
d1d04bf13cc48dd10349750c35f95d0f75b4392f

SHA256
9819636a8dbd46da4550a626f956082f3da5251078f543a3b592c224cad760ee

SHA512
43b627528a43fbdc0f0b9b55da406798136eec65e77806b6c291c628718514dac035c324502de727d7f5839672d9750d47dd987ca1ca4703d8507a88ad417591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fe227baefb6f6fef33dc3aa9be4bc9fe

SHA1
59c2444e7df04126a340b52e7b4ba47c322d81ac

SHA256
6bbaf3affbe392d279dc8f421d6bf6a218a0fa54a95ca84ada0134383df81a30

SHA512
4f2a211abac9b54cacc13c98bffe495856b55ad972c78f07a7111b15386a876f3ace6869e0a7a3e17b9123bc970f6d58cb9f67635a9162d6ea4c3f0e72e4ab08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
2f10e213922cda98185f494dd48a2b0b

SHA1
49c4e99aee03d2b41f260f368329bb4482a78328

SHA256
7747efa73c9e2e76c61d696dc2d258ec4f7c2d758f441ffd9b18913af0febc4d

SHA512
1193ddabf2ed59936511897bef85616cc905aef8b7303658763356608021c2ac4228e674187d9ecc4adf24d0154b1dc3239736c8dcf5c48391dfdae014e235fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
b44304253ba9cd423f59a61edd4e40fa

SHA1
b5575f6f568daef504283c78621e6d96a4c939d1

SHA256
44ab359e3bb52375f522c24e71fd02cb2bf1ca9fc4ebdbdc920f2a594f111079

SHA512
5049de05eda16471430d9bca68bfaee5bad563befeb4b40680eb0473129eb801635074739fd8de7eadc47aec465569e5d47239ca504dc2a9e05886497a54b45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
58d84c26f324832c6df0ea96c3bfee88

SHA1
7a9f6e066db9ee3639ed5f78eb35ee221c2c6ce9

SHA256
24e92a0ed1fbad43d08463ba43df1273bc255e26e011c65edc6eb98cfe3f3b9e

SHA512
14cc6f9138ba39df0dea42397962b0c39e2ec928d6e6ebabd768b97f0fac6c581cb14de774b8bef24da4a70d7bc25b0db24b1875d1585153b75896dfb6ce5729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
34baba016430f01211d023f3b239c34e

SHA1
91938faff3c1e2e0277a54338e0c0cfe92765218

SHA256
b5c5a6bf46bb2a2b88d70eeb4a356a2cfacaf08a3a6e8d62d1c143325ea210b1

SHA512
5fc872e9398e6b4ac4f186a74b3eb460f01767edf97795db0dfe302074bbfd5cfce35ef3b401c5af49e5f819bdea2222241ae86a297170f8dc9e36e0e2ceba5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
2583a6194df77e84af5b30bdb21a5d7d

SHA1
2278ecd024c0a6318afa72d40783741ca7cbbf31

SHA256
6c8f9823edde2d453a7d550c007ae6f1cd45c0235458f3d0813b7be037a41786

SHA512
588edc7ef5792627743bb045ecd01bd77a6e5c1312d2a4fc5db01cffa79c8430331df78b499fc9b1d7332bd1ec0b682f0ea746c6645aef3371c175eea5ebece0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b08b0e2eb19ab94ecee4ed3c815f0f8c

SHA1
bc1a572fe6452d40810ca2021aca987d37dce5c1

SHA256
ba30b0e1d651bc23c8aebd2d72c8906ceca902c1471c58a2a8ed646383a7c4fa

SHA512
04ded807eb60f25f422a50d52cb9a4c4d224f0adbe2596b605b5e91743e2d2e67843c50a089bb01b8964c059ebde1039a0d67466d62496c18bf3393f06a4c835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a06bae09792bef8fd43733de7dc63f95

SHA1
5b3932e4b590ebd5152a7cbcf465ec54c5821f09

SHA256
f79ec75a1a5a51b91687fcf2b2290c6539ab855cb9b45b79ab9a1226a6d7c93c

SHA512
b1f13770c906475a37692b81c8bdc50dfbe313b62eaa1a1ece1854bcee76a24336595eaaaf74c2613e0a3db36716d475fbceb552e7153de6d98f99766ca2900e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6d3ef0fced04d0b58f5214a6b50215ec

SHA1
119f30664d88503e309620b0a2898b2bf3d06a45

SHA256
b32b33f24d3fca0149ca2a4c9bb6c41301ceeab092a83789c0144c52fd048725

SHA512
a1065fb0ebab58c0aec0abee6ab42076b9f51e9f137cacfad8047a58d77ca1cc09e6a73f1998cce5196997a258bd844d60a9369660d527104a428264b3a03f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1e96896b1a2e1592208f2bead7608345

SHA1
c7a3c1f5a9489212a6674409aac692f29045c6b2

SHA256
871f42fe2ac590b53969fbee34bb4d9bac23500afe9af8b1fe3797fca725c980

SHA512
2607d0ef4d9be7c6113e63e900bb63836a74747d2988f080cff7fe0f5b6949366deeb1177186b391834e703a0b980cd76faca421be277867b0970a07b25ee399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
49b02ab474f031ff4cac543a107e216f

SHA1
57d4eec7822ea7fb0d23f1221d421ae2528b24fd

SHA256
91ee16729e69a1fe07cb019cf97ab7bbbe82897a4c394c09442242941412be16

SHA512
c02870518e11f66421c93254ce850b628f19ffc901c9f01fa817769002f915d33c735b31d9c20b128f768da008856b676251b1f9ac43316a34c82b16bb680dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
136f3430c6cc6c7734a262393ccb79ca

SHA1
7dee59a893a77817519260d1e69b0bc6d62fbd5e

SHA256
bb30b0ef2c9d2cb79fc823827f79141811f150ac45fc4ed97836f7397cb5d5ed

SHA512
3e05437544b89a32a1ca3b0f22029e2e1d8f50faf8beb9eca6c15cec65cb6a1286e67577883a323732d99be79b4b1ae256970bbe48b12f531a8b820dd661e521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
204acdbfd52b8006c63c35e6d2fc70c5

SHA1
f10959b2e20bfd3174f02abe1ca67b270f038784

SHA256
ef9afa7d912fc9d40004a54b52e2e6b70f7a7aaf0417cc0ea0e38df62f29e678

SHA512
a436f0fbd02e3f5c8a2a02a5ffc546c5ed2375fb95cf888c4552d4553fb504215ecf3212696a191714105d256a5d66892b99012fefefd31bea5477ae91707c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
685ab89b0f0f7cf06f6b5cd8ed3c2b82

SHA1
741dd6dc2f8921019545c73c4f9a5c399e64a58e

SHA256
d927eb2035cecedd8ee173580d26323917f2a808a7085d9ad7d16abbc887c066

SHA512
1682e205ef89d72150f14fafe734be6c91b32c4695218278456a29be90706da8f6d891fdafa9d29a019638ce4e235b4c96aafa3e680de3205fd4bf498621efaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
04c105c9bce6c4f888ec1d69e3faf7e4

SHA1
17b30492fc9dcb46d79d490aa811342ca276ad22

SHA256
58ee3138ff3c6e6876b2024d103da221bab786a86b9176039ce1c017d42b3a16

SHA512
36066059cf699ec29e2633aef14feb1faf69992202eacf862e7f7fb88eeb817d5ee48d9c174c85a729688b286ed10a204c11bd188ad99004ded976247cb398f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
aecd5ceb4571d916b3049833712df4ed

SHA1
599ae78958e22d7c1ed1253c4b0853fcb6236d62

SHA256
6b68a9c398fdd21405126b906d07d21bd10f3ca2031eeb28121814ec6a328c07

SHA512
c882e8b24e91b41fa09b0e05e5fd1a55d5bbe51afbf76eba44af2f39811c5ed491e98bd60f0142c77ac6e2cfe504269cda2a560e18f4a9bdc172fd987189ac0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3b1psp2h.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
f77aa76f24054697777fd8ecacb79d1f

SHA1
31382b5383c5794d983c7645d761526ea29eab88

SHA256
4ee7522bd4fcabdf77ad92d6495342ed4b810504a55694721c7c5fcf117cd6e3

SHA512
34aa00598d6f6e8d757377589baebf1630bb3cc03f2359dafc71ffc0655fef4471677d3721346cca4cce20c124134bd0f5828977b00d69cf13f5905e9d87053b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
0686dae63058f6ada4b1910e4e58af0b

SHA1
97cceff18989f3dc93af5aac086179438d259c10

SHA256
7c083610edda2497c1f8d3d1ddf5067031520da73f03e3da3fdff6be766766a3

SHA512
933ee0d0a467bc72b81fc0c0818e130cb1a7727f853c4e464a38f3ae4b4f5c4d7d32389f88f4895068dc6eee72ef6fd2f2f33560f7fc43b7d12bcb7032e91f81

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405201633401\additional_file0.tmp

Filesize
2.5MB

MD5
028fb19ee2cea3e611b4a85ac48fafbc

SHA1
d1a802b5df649282e896289b4ec5df8d512b53dd

SHA256
e8fa79e22926ae07a998b5d2bb1be9309d0a15772ac72b88f4eed66052f33117

SHA512
99959d7765c1e6636dee1841f214cb2d0c7684d7128381b0387fa9c7ef4a92ef62bb094087bdcb343e44196b5a333df3a2104ced9f49671197a06fafa27aff51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405201633396455896.dll

Filesize
4.7MB

MD5
74ceaf1146735fe0e297fa37ecd98349

SHA1
d77927d0b1bc98c4a1d1839591b1d3d5da2e3f50

SHA256
b4bf308a845e7b2b6cf1743a7c67440c8690a73631977d75197ae4616996c694

SHA512
f7717dbf780b5badacb27d83fc0e55b14477fe2179f11396780b053ba928b1875d77c83c470d5940ade9ce53082989cc581d411e9b441b52fe0b1f9396115251

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.6MB

MD5
83a8f0546164c9ba1a248acedefd6e5d

SHA1
7652f353ed74015e7e78bc9f9e305a48d336b6d1

SHA256
e7c5072ec60d32022b3c818c527ad86f4985837a4f0e9fc6477f54ae86d9f1c9

SHA512
111d11acdaef0036ff5cabeb16ed55bf4c681fa6eb3c006af450a0ebadae3e213a8f3abb0f4a9aecc8e893af7a79b4eb7f74a5fc3743e338c3e3136b5d7f9f2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
dabd469bae99f6f2ada08cd2dd3139c3

SHA1
6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

SHA256
89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

SHA512
9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.2MB

MD5
a019b5697f8336ebc95e55e738dd65ba

SHA1
a91bbac4de57faccbdf04338006a8f136e2103f3

SHA256
abd8a1242e302f0b7067d5bed8fc89ad16136d12e27284911740305708824a69

SHA512
50bc39c25c1299ad3e30a9cea89557f55dc2fb31e03c14e02dd80945d9d006477d3a5a59cab6089b397d04d236ea1e96810d29ae9a3585c56969ad206258d255

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

Filesize
7.4MB

MD5
3d9692082e7850ff65fed29ff965fea2

SHA1
187d2c1828bd0a69031e7e5338db82519aa50c28

SHA256
29dbeb94e25b69a37176995361f05f75445561f2e6c38e0a2861bd921ea99833

SHA512
53d2c2c9d68bd07cca4e731bc070b04395c83cd126c13c186f294f2cce6e8d54ca5481e7060bf6a7e844b17eff7f09dde36b7224fefb6ea4f9e92b8728c26724

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRIMG1.PNG

Filesize
339B

MD5
91d4b32e546bb567a485368f4f3e9e36

SHA1
1a3c0d14148e89d63133680585a1cc8acf350a30

SHA256
c36b84cd9535d41d0b83314016b94cdfdf240bd561ea6a7364d80c7d1d0a408f

SHA512
60448d51a6963ffe78a27396fbea0bf0b24e7e6fc6b1b20f918162611e715cb3e66aa598d5300701ea5861e6c1157d3dab490fffc250fc848d9b4bc25fd41390

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRIMG2.PNG

Filesize
280B

MD5
b9f65a764f4b6e7200d4e8196404506e

SHA1
ff234ad4d6bdefbd327afe797a8d4ad49bc8a6db

SHA256
0edf34b391e628c512c92875c2bef18e4ff6089c684510f7a9899a3ee74e7c03

SHA512
f7f5c039a2afb770dc5c69a25e1b14b1aaab193d3e068cf5122d5b2e852549f7315fee033e08dd6f03fabbca2201d11b40c82a3405052799a11475f14ce77b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRIMG3.PNG

Filesize
281B

MD5
61926338beed8fc9248d30b518a30ca5

SHA1
a8c58b3c54e8022c11e2131b44b79de9a71b8075

SHA256
8e6ecb01714f54d7df658b6e7c959d3ca76344d1e555fd29ceb503589c002ebd

SHA512
d915d4da356c6e86e6e7321f60424738799f833136d5e74f1e3b9b39b484a5edc8f6c5375a66b0bb11027a43ec85c29eeb7478722bd0927d8d89fbe6a5ade28e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRIMG4.PNG

Filesize
45KB

MD5
c6186135729878354e56e2430b872621

SHA1
a75d9bd5d067554c20f56b26691b8d2dffd61e55

SHA256
ca14f4876462ae0f578da25803b9a846a7a714f120a7a0c3dc8882540372ea39

SHA512
4f7204200ad7ff0b6af06a2b3bd384296916a5672bd05d8525889a6ef9c0dcc29703ac593f2d09f148a27de7245c2cd73a8be68e356826f912340a36f40ce655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\Menu1Text1EN.html

Filesize
1KB

MD5
1d50f45abc86da4d44b5cf801cff4d77

SHA1
207d11362728d28b808196150eb616fd5a3c279b

SHA256
333eda6f2b5eb3f2069dd57d4d6c621600dd647d1c055c280a84f282f9a41660

SHA512
b0b114683d00858b57f22113227ac36b0a750f4a0203cc3c9670c4026718ae4bd10e0b714556d1b3fcfd33ccf69ee38ef4250261601ca246ace70d098e5a6580

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
d21d15ab6665ce62793847dabe6e5754

SHA1
58b4e67885ced64e0cc516a2cb3f7564e0cdf104

SHA256
351a3439107cbd357a849b555a9c5a6cfe6e79bb64214b636bf6a73b6b1ca05a

SHA512
b3d2d418640ab1cdcb646cd3520da1e0ca5da291075d4e575f80dce4c67c139c8a1fbd9ae5209ddd8e27d2104c4b7715fc3c79f261dc6260a2d1b301eb7e9af9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
6156e61bd646e7391f08fa62c4b1b06a

SHA1
f042aa3561ceefe24eb696755f5ce8529f7da7d2

SHA256
73eb1a15d119e1c9ee5024262ae21998d2cf5a7113643e0a5469a3224e55e986

SHA512
0eada2cf2effbafdd26398c5c05d979d03ce1475c70972b5b68e02d48a5c92a36c65646a1c12ec179c52f78ae6c2d1baa44935289e3bd1d47301c2d4e31d4731

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\prefs-1.js

Filesize
7KB

MD5
acd766ddd36bcb5498da7f6aaae6c5ea

SHA1
c4e97ed7b2a6b7dc0308e020f2df78aaa17d9e40

SHA256
2ef536a0e78c9610bb33d6a73ee59c598a3bc1a13ef4a6cc28aaadf5705f25d9

SHA512
dc3c5f6b966ebcbbb861c2753d83c2cb57eb1db4e0002f1d8d661b7ff121033876c211f9e060e591aaad01393597ce2ac0115f6c7e7b4a155491fc9ceecad53d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\prefs-1.js

Filesize
7KB

MD5
5e35b3cd1011faeb30acc8c1d8b08bd4

SHA1
7653bac05a292ea39c2c4482ef922a630695e52e

SHA256
e2e3ab9e9de573cf0a9e8caa0eb0dc9b1d573c7a21d1076fb7ff33e40de4cf6c

SHA512
a01b11509470b6882417725fa12ebfd83e92be5e584911d99f131d5184c5797386c0d241fcea451858a4f0e2cc9f554ccc479faaddad39f38abe1fab87392051

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\prefs.js

Filesize
6KB

MD5
2e8f92a24094f4d0a4371f1cd9cc9b7b

SHA1
fc05b035dceb58f42e361d6752297d0c9744a2f5

SHA256
28a2ff8a6401b1a57985cea46d102c023e1ecfc22925a8885c168853b6cffce3

SHA512
a8872f5016bbb3e64b0f6cb56a5a9222d9f7dd083526326b2b7a2e42acfa25d2c2689f4f65dca61861b27b4cf4eef5236e73cff4fa2414fbce2b3f40fd7d4090

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
e63f2b1d91b505bdb10ba08f0e2eaa47

SHA1
b61675ce5c6ff40af7158e9860ea22a1b3e44f70

SHA256
df680c2184840b513f434251e5c19a57f9fa5e1239393b0180114b9f35919d68

SHA512
a69408675d58d0f56f045160a61d081b978e9f791e62eefae18aa589cdd5077d4bf2b281b8867003deb82c87cf3b0cabc74121110ea0a48acde6d68ae54b8ba1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\sessionstore.jsonlz4

Filesize
919B

MD5
5f2f77f73a48ba04402f3e3c9472fa15

SHA1
935c7856e9a8f65eb06d07b1f5e111e484b2940f

SHA256
fdde1238c9c38ba15b3f7630447588590c6f1ae8b2d176dbaa83ad5cdd4d45dd

SHA512
746f4e61119210fad3ed7f6dc627c304ad2a9763797bb5b636e29f50cc31ee652a9db4debcd4caa49c92eaed9e5158cdaec7d1e63f232d56027248e6e9333d4d

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
37385406c58ef00ff210ff7bb7bb9396

SHA1
aa97ea1346b630809dc31a824bf3293449a9275f

SHA256
54a34adbb926a0685bc041272e9a0c9199755fc0feffe23b5a4e0772553faa33

SHA512
e00b70abf134ff5147c77c4a42a6f8bd89c39c8e329d7cddbd9c4bf32ee2bfedb1eb3704c20ffc5408b0b1c342300f8f374a44c64069725154b7f173d4bf25f2

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
5.2MB

MD5
218f8ff6fa81fb0fa96ed5b506e13f6b

SHA1
f0956770f0bcd4eca44a25c5c653ddc252bb632d

SHA256
186fa9af36ee7400077bbc188eea5e99f0e684befe406caef9bebab1f4b06f4f

SHA512
28021c9fcc06886169edbbf2a300ab03f60c328489ff5941c72818e82d9071ef0e60067237c2e785eb1d60ab86049c90e678c07bd84585af6065fe69f873d874

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 12048.crdownload

Filesize
25.4MB

MD5
0e0716d2e4aac0bb178c261985acf33a

SHA1
bda605efc74046624e45e7185a1eef7304bab61d

SHA256
3640227b80b8742c811f8ef399ccf1018d21224920e76239136d569db12a6244

SHA512
53898b2801587b941c4e4896746da5b26d02f4e1418fca802407a802d4823578539cd02700a2fa7413c0f2170fe075d65553f433fd1b4f412b0707516364aeeb

Download Submit
memory/4004-4363-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4004-3785-0x0000000000DA0000-0x0000000001189000-memory.dmp

Filesize
3.9MB

Download
memory/4004-4347-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4004-4362-0x0000000000DA0000-0x0000000001189000-memory.dmp

Filesize
3.9MB

Download
memory/6344-5429-0x0000027527DE0000-0x0000027527DE1000-memory.dmp

Filesize
4KB

Download
memory/6344-5431-0x0000027527DE0000-0x0000027527DE1000-memory.dmp

Filesize
4KB

Download
memory/6344-5430-0x0000027527DE0000-0x0000027527DE1000-memory.dmp

Filesize
4KB

Download
memory/6344-5432-0x0000027527DE0000-0x0000027527DE1000-memory.dmp

Filesize
4KB

Download
memory/6344-5428-0x0000027527DE0000-0x0000027527DE1000-memory.dmp

Filesize
4KB

Download
memory/6344-5433-0x0000027527DE0000-0x0000027527DE1000-memory.dmp

Filesize
4KB

Download
memory/6344-5434-0x0000027527DE0000-0x0000027527DE1000-memory.dmp

Filesize
4KB

Download
memory/6344-5424-0x0000027527DE0000-0x0000027527DE1000-memory.dmp

Filesize
4KB

Download
memory/6344-5423-0x0000027527DE0000-0x0000027527DE1000-memory.dmp

Filesize
4KB

Download
memory/6344-5422-0x0000027527DE0000-0x0000027527DE1000-memory.dmp

Filesize
4KB

Download
memory/6628-1756-0x0000000000100000-0x00000000004E9000-memory.dmp

Filesize
3.9MB

Download
memory/6628-1120-0x0000000000100000-0x00000000004E9000-memory.dmp

Filesize
3.9MB

Download
memory/6628-1691-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/6628-1915-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/7356-2586-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/7356-2494-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/7356-2554-0x00000000008A0000-0x0000000000C89000-memory.dmp

Filesize
3.9MB

Download
memory/7356-1936-0x00000000008A0000-0x0000000000C89000-memory.dmp

Filesize
3.9MB

Download
memory/8012-3670-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/8012-3706-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/8012-3705-0x0000000000B80000-0x0000000000F69000-memory.dmp

Filesize
3.9MB

Download
memory/8012-3113-0x0000000000B80000-0x0000000000F69000-memory.dmp

Filesize
3.9MB

Download