43adf87d5486202112a4bdea368abc46b5fb6f2ae2a6083b8a87e18723b2feee

Resubmissions

22-05-2024 10:00

240522-l1yaksbd3x 10

22-05-2024 09:51

240522-lvg2eabb8x 7

Analysis

max time kernel
381s
max time network
373s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dugga_848274.gz
Size

5KB
MD5

7867d29c88ed216103feb5021f01ebf8
SHA1

543af5ce7d60b6bf66d44d6bc42515d7fc97e796
SHA256

43adf87d5486202112a4bdea368abc46b5fb6f2ae2a6083b8a87e18723b2feee
SHA512

f0a22affd6b56154e0ad15a28fadedbc1977fc1fe72b6280d3d87c72ad8d7df1b3a465d9532869a30c09e88cd35ab0f0f6ed188513a38a5ae090d575797354a9
SSDEEP

96:xUS0wqaXc0hWp9nVRcerCWZIIvj2y/dT2/7HpPotQWtfDmDa:xUncc79VierCW7vj9/Q/7pKQULf

Score

7^/10

bootkit persistence upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/5200-1066-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

[email protected]reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\2503326475_del = "cmd /c del \"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_HMBlocker.zip\\[email protected]\""	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

82 camo.githubusercontent.com
83 camo.githubusercontent.com
100 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

[email protected]

description ioc process

File opened for modification \??\PhysicalDrive0 [email protected]
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
82	camo.githubusercontent.com
83	camo.githubusercontent.com
100	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	[email protected]

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608458824501147"	chrome.exe

Modifies registry class 4 IoCs

Processes:

cmd.exeOpenWith.exechrome.execalc.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings	calc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exe[email protected]

pid	process
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]
3404	[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	process
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
3044	chrome.exe
2388	msedge.exe
2388	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exe

pid	process
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exemsedge.exe

pid	process
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
3044	chrome.exe
2416	msedge.exe
3044	chrome.exe
2416	msedge.exe
3044	chrome.exe
3044	chrome.exe
2416	msedge.exe
3044	chrome.exe
2416	msedge.exe
3044	chrome.exe
2416	msedge.exe
2416	msedge.exe
3044	chrome.exe
3044	chrome.exe
2416	msedge.exe

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

OpenWith.exe[email protected][email protected][email protected][email protected][email protected][email protected][email protected]OpenWith.exe

pid	process
2484	OpenWith.exe
4192	[email protected]
4952	[email protected]
5072	[email protected]
1424	[email protected]
3912	[email protected]
3400	[email protected]
2172	[email protected]
5528	OpenWith.exe
2172	[email protected]
3912	[email protected]
4952	[email protected]
1424	[email protected]
5072	[email protected]
3400	[email protected]
3400	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3044 wrote to memory of 3144	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 3144	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 2384	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 3180	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 3180	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe
PID 3044 wrote to memory of 1732	3044	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dugga_848274.gz
1⤵
- Modifies registry class
PID:4236

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c00ab58,0x7ffd5c00ab68,0x7ffd5c00ab78
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:2
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:1732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
2⤵
PID:3644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
2⤵
PID:1436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3880 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
2⤵
PID:908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4280 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4436 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:3248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4100 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
2⤵
PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3332 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
2⤵
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2512 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
2⤵
PID:1000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:3100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4140 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
2⤵
PID:724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5476 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:2
2⤵
PID:3508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5512 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5484 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
2⤵
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4668 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
2⤵
PID:4488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
2⤵
PID:2784

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected]"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3404

C:\Windows\system32\mountvol.exe
mountvol c:\ /d
2⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4192

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:4952

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:5072

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:1424

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:3912

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:3400

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7ffd5c4546f8,0x7ffd5c454708,0x7ffd5c454718
4⤵
PID:1700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
4⤵
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
4⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
4⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
4⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
4⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
4⤵
PID:2904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
4⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 /prefetch:8
4⤵
PID:3396

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 /prefetch:8
4⤵
PID:404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
4⤵
PID:5752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
4⤵
PID:5836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
4⤵
PID:5556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
4⤵
PID:5560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
4⤵
PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
4⤵
PID:5960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
4⤵
PID:5636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
4⤵
PID:2740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
3⤵
PID:5672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c4546f8,0x7ffd5c454708,0x7ffd5c454718
4⤵
PID:5688

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
3⤵
- Modifies registry class
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
3⤵
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c4546f8,0x7ffd5c454708,0x7ffd5c454718
4⤵
PID:5596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c4546f8,0x7ffd5c454708,0x7ffd5c454718
4⤵
PID:800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
4⤵
PID:5844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
4⤵
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
4⤵
PID:3512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
4⤵
PID:5988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
4⤵
PID:5124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
4⤵
PID:2532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
4⤵
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:8
4⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:8
4⤵
PID:212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
4⤵
PID:5448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
4⤵
PID:5388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
4⤵
PID:6068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
4⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
4⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
4⤵
PID:5812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
3⤵
PID:3592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c4546f8,0x7ffd5c454708,0x7ffd5c454718
4⤵
PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]"
1⤵
- Adds Run key to start application
PID:3576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5528

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x2d4
1⤵
PID:5516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Temp1_HMBlocker.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_HMBlocker.zip\[email protected]"
1⤵
PID:5200

C:\Windows\SysWOW64\shutdown.exe
"C:\Windows\System32\shutdown.exe" /r /t 6 /f
2⤵
PID:5240

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f
2⤵
PID:5284

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\AppData\Local\Temp\Temp1_HMBlocker.zip\[email protected]\"" /f
2⤵
PID:2196

C:\Windows\SysWOW64\reg.exe
REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\AppData\Local\Temp\Temp1_HMBlocker.zip\[email protected]\"" /f
3⤵
- Adds Run key to start application
PID:5080

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
bdb31a529f87cc337ae1da686457efd9

SHA1
76a0fca3f048746b89ada23b1cfcbe2640053d3d

SHA256
7b337b062d2d30908f63ccb9649428fc9fe677c8a130bb6f19ec04b9941d94db

SHA512
168643cb144b6ea78683270d789456c29a07b035e3294c3fef78539804ee336b8a8e551bb5441bad5fb7f962a5e51423682a296e0ba857fca1fdc6f9d2994e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
31fce91f2aff63d9fdf13616442ca73d

SHA1
c93bf5c6397933f13e289ec2dd817354d3e8fb7c

SHA256
ec8077999650c55e513c4bb1722df2f5a563e5771b067cedb5eb9935191ee11a

SHA512
94a859c3b2e1a88e5ceabd2ac67841623dd47dbcdb761e2a6d3f0ebc92079fdf442fe28127bbbd77a1797e681911c5bd386024350bc5528ef734bdcc7f8eba0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
42efcaac1587d955da5cce5680e555a1

SHA1
476b704e46fff93cb64c7d2babf31bed7f70ec39

SHA256
4ece43f6818d2054a707b51d95ac0b4f0244bc27b77662b79a864db2d1379389

SHA512
f83c7a4441b5fe6baa77ca81586958b09160fabfbe2484aa3929eae18359f5f19ccbc254d6ae7eb8e61f1f981e2ff8bed9b9d6e031cd0a837ebb400c8f490aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
0f7fffbb6386e0e8d0aa5a21320b2b1d

SHA1
e0ce84edbc64753097d6cbc2621f107122595211

SHA256
4dc6c7918d12e46c2f3d189061c78e2c0a659eb34b8a71ab11709329e722e6a8

SHA512
6b2eb9564f53d39d45b198796a793585223cce8431cd0416343a04dec353f1ca05201b6fb15c48c54f7b10ed947b47d9dc92a8b24957d548ec1273eee4221f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
426f3ef1a7576ef02527650790b13037

SHA1
7d31db1a564ecc6309ed6d392e11a267b6f1f5af

SHA256
9bf6159af5a5414833732f1efa2ce79113433dd8faa783137913649704410a4c

SHA512
acfc73f8945121087280412594840ed48582078ef81afa84785c716d4d33d6de4d74c6a1d9b5aeb5f97d7cd43f62e773233e82d545b59dc1a09cf3a9982a8bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d142e059803564de1e73bd691843b891

SHA1
6605214f2a63beeb045eb7f482eb2aa840792cd9

SHA256
725a0e1f44c2f16f8780ea917e2b0fbf3d68a3fe8dc4551d4662fc5fc7a03c35

SHA512
f5db7a55384e652a3d8dd9d79d38125fa2f6ad8389139034062d67390bd7facc05c151f2255491fa64ad719a8fb5877310129f2157723460e2fe4dd98750c0a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d7e64faaf6ae061cb12302559159059e

SHA1
5f902c6f9b9b3546e09f45b4942d95be46d3db3f

SHA256
a73826ab6714ba674a1d3dc64f160471256ba9f48fc885c42b9ae0c9b272ef2a

SHA512
180d4f1828a4fb3e86d38f8a4cc19419d2351805cb5e82fc15ea6aed36f262cf9965cb8b760a3695156388a445206336d9e3e1af6b37bda238ec42f30c445add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
21e6cd65fe64e83bed7857ef4654c7ba

SHA1
ea0b0f6dc28a173b76ce566ef4030b512b7cdf3b

SHA256
17d3e22563f44e294c211c5ccc1482056c4f63cd05cfdf0eac02777235c28b54

SHA512
c42e1d26812d41b65bb9a5e8288fa9352d6dc8a1113bae7a19cf9ce177ff8a7b4b6d0f2023e6052bcf689fc4977c40bfbb3c06f90c20da63741120f29a8691dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b6d3ba634f6d470a3c8cc65568f8fa51

SHA1
428150a0907ccb60404d15fe1ac60ac336a4f7f9

SHA256
9df517ea241e0bc0b433812d8c327d8f283a7dda94653e1d4c60b15a9e665cac

SHA512
def0b2c0f72dec88fff989287c3b8d83773dc6e67fc4e2b9e6ffe405be32731807dc01ace6bad656841241c80bcd25813b9011783ecd6293cbcc05b0f6af3ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f512b2e97455bfce33e40796e7bbb612

SHA1
b2f934296c7213137c87cbbbfcec300eb4fb31dd

SHA256
10ac10960e285742e01f91a412bf24d88759d15b8a578b43d6f3904bb6f7246a

SHA512
eaf47d6c36fef0392c4e0a984325a61024666bf13256900d57c0590678e7f70220e41fc7140adb8e339c0a15c1b7f6dd39113443d4b6e71d8430dea3addf9bd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
898fb2b9f8d3915fa7e22d2c5e4458c6

SHA1
8389d8b2fca65791dd67c093af27568667912834

SHA256
f33463d0d751b29b300563dbfdfb28ca66e86c1628eba621573cb951fa46600d

SHA512
c410758a10b0b4f01d42ee3ceb4cbcce7a23935ebd0b8943d6f0160ff358c7d47acead69be4b944259a092d633f950c9fea777f0544388a69e12512303094c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
cebdd813acda0ae56d2e3035f5fc584c

SHA1
d44e07b92cf6148876df6c2c32010f7ca2819df7

SHA256
ab5499960dbfb99ed7983cc5d3d867efe091ced394bb9a8a0a03c9ec1375954b

SHA512
a32d91a04ef112d5ff247c53356b2e37d7df32277055ff7cfe4b7812d2afde65d16e4cbc995b6ac7b58177ef64162f4e88bf459b48de7c6025850b2b57d48a4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
cb5ea9858a0b5a5ed0759f702ee11550

SHA1
96cde82263ae3f3668a638635d868fe9a8ea08ef

SHA256
485e4ae123e2387ec948ce2969140a0c6f74b24b4a3f011430b44a5cea4c8ded

SHA512
57f33685ee9d25f4051504f4d0964d992b270013eac956f76a34d4e20b03f77f9c19aede39b048aeddfa44cb2908b682e6d4eddff8ef5c1790c3dee7363598de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e7814cdfb0865b3da1a96166c7922d1f

SHA1
6f9e9b564a59d41a35696cbd0a6812a27b8031dc

SHA256
1ed7422b5e6a44c89a6fc0bcac965236782a833c3e0db151d0f39c657f9258af

SHA512
a3c97197e172c37fb58c0e23d66b07121c87afcf70894a8cc572a00db97105f13adae283b84747237fac91bfe68ff2225c8631584268f1cdeca6190c8b7c6cd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
351ebe641806a2e15032ccadbb4ac441

SHA1
225539fd203557f270551137a4213f43c71251d5

SHA256
781f9d10ceb896b075aae2d1783442c259f6e1bd26e3ee171a4fabe2065f9c7d

SHA512
f6d0075fe6079da4e048ec9a83209985b42261468bc60e03c867c3ddce299b8578bb8a3b3be8b7e5a6d897a914a35845d6b112560ae1f681bc1a83cfb9afe0a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
121081c001122af32247afcd125ee20c

SHA1
fe43a35a2ea1d255b9c586fed264e8dc3cf314b1

SHA256
0467987dc90c69840a91e1ec530db53080f8ee33c8a75e903178ffda9a5cfbbe

SHA512
59fd9bd54da5182e01870da42d9ec2a50bd2dd42e60580bfa40fb7bbee2a3147e1176b8d8768ffee4dc543ef4735f295b89377bc223957d1bed9db8ea0b06921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3fd6beef7f13c06e404e55b18bb8726c

SHA1
2df62bb2ed6e996a770756d7e328794021fa4c92

SHA256
690b8fa3ba5a64b6e9e3bcabf0bdc277a1de26ee4838387fd069b0cbdbd8a2ff

SHA512
a6f6e52b8b3d1685a13ef6ec9f7f1881f9480e4d84955af79218330914ef69a60f70b4666d99aa60c332292a9eb90815525a6ca5d8e1334d859390b4ef147702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
c3878e089714bb39b5b871e75173724b

SHA1
ed5a8590b2a302edcf9d36a4fa0e1b43c65f5976

SHA256
57871c82ec2a0d96d6b7c5971e68148e90d00d56e9dfcc56b4889a7aed1c7d53

SHA512
8f6d6a40770fda6ffca5dc54221e3e495ac563b5ea964e9bb0eac8bb2df98af30a69ff63bb6af27269f3ef612871908766054b2d5cbd68a72e6b8f1624548b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
214560aba8e95c5e13c747161a4cb6e4

SHA1
f9835d3bb662ac2aa51b7f06237c4124d5e6fac9

SHA256
2cdee6be384f5471c838c94904af1ceb50a7c1b815b148ec1cdc3700ca642689

SHA512
e8d64cd5303f27f1e3ba08ead2c7b80efc02293af1f4c3176dbaacd640b949e6c536af80d80ed561cd3e91f8d192c005187b7d133b426bbafc03a66b95162827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
217e2fcd3409c0808c840ffdfc7a1f7c

SHA1
a479119be818d2ae2f968a6d29f21a35e502ec8d

SHA256
600fff7a789d822bca016f880d101923171e9cc047a7ef08a337c28b07581170

SHA512
a47fe6d02089f0912f294193a0442f7a1ef307b0356a3dab1245b749506523c15d2b65374229afb1feec02cab0a64f48b693b3a265dc718a5e5e808ff13e7ab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
73e4568e7fc58c167e350ac8caf476d9

SHA1
79528d86223cadff0b43a49a5926a113dcda9e02

SHA256
4a60e49cd0dc841e9898b8002425138baf9e96e4e025998a32fb4525bf22f01d

SHA512
a4881e75b5c15b610c18b6481b5b45a8523a0efc05baae847595edb7caf2cb0c15561de0d1950a19529c3f2dc12d343da8f95a289f64d14ee036203de2dcba41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
24c8fe738e9e814bb6e2d43cb6c0dd5c

SHA1
df21acdf4580e8f962dd6b21f8d5bdff3be0c9ea

SHA256
1ae612b20e6b8083acd47e8cb96ccc6dee39644121f403ea59d1d0d85276f6ce

SHA512
2d347bf7336ef01657415fb8e36be48b969382fa1a1694bc4c6f75b5e3ef154705d32858cc6cd9ea04a776733c94ace42a8bad93ddff114ea3a9798681d6fd13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
16d58c9ce5d77d11bff3d734174a6003

SHA1
b329ba6d77568ef2518d54336eee326b3280ca17

SHA256
fcd89a0e0c7f5f02d6564961b2a81eaf076a48846fe489bef9668b982d25c73a

SHA512
5cd633b550da38920b369b1fd5707a55d0951a017c7a30b89cfa0b9ce213b762fbfc81f664e817a37058dff016175f20e51f715b5d70abd521bf001c32ed2723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
310KB

MD5
522bd5aa6ca8e5f2d4f68376f6c82664

SHA1
533d9b39588e426a1edd4cafcbee12ff68a6a85b

SHA256
73e3137fa44527b50748a22b145d2e6c12346b0e464aad967bc4e756a989bbf8

SHA512
09a9c8a7626c1df68915c8cb6d064dc81982ad5327e2b3fa38ce45fdfd0cd8eb2cb00f20d92a09ea65a7d4c94b1940f2be2c9ec85086992dc5fa4e2283996fc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
258KB

MD5
142f48dceb4da7ab41334076f3195468

SHA1
317cf903cc061201acb56ecc1af159b3e5ec2db0

SHA256
2cc7e7508c1fe4aaa4bc8574ad896b695c493aff93cb4698541898d1a4bdf53b

SHA512
98e94267ba93bf7feea80f8a105293b3414fe71a971e0def4e3a4ad205986d290ed124966546eaae79aeeacb7d464505c86a8ad65e54d37e4eb29e8c80526b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
f6ad2b68480cd4b8fcb13f9d0c4b7e6b

SHA1
205fa92dd67986ba34e1401a3269f7c8895d3334

SHA256
9edec4081f85088eb7d7f610799c6c83453fa798d79738677542bea1ee6cc715

SHA512
557ba03789478f84474ab6dad77e0927a9fe0573f91d25e1390baf6901d860be8f21f9a9ef8373e9320318ec731a551d1562ac761f7fd0464ac2ee626b260b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cfbf.TMP
Filesize
88KB

MD5
91f4ba81ff20245048d37af7ba505c8a

SHA1
cf136e87fcd073ee700096f22626ecfbe9f0ebfe

SHA256
c4b3bc2ee025b81a84bee4973adc95c9543ed83626881abb7b16806851caea5b

SHA512
8072462a78fede3c85d19a915aa50d6861c7740810a249270b884edb54b1b33debbccd0a8532fd01ac72b462ae166c6f9273b5f11613a655dc456bf662869292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e804801b-3919-4209-889b-7e62899fc894.tmp
Filesize
258KB

MD5
657b71d0df46856d7762eb900aaecd5f

SHA1
71c959d15882310c05c6dfda38402486c7b2aaad

SHA256
83f9334b3f2b500333cfb0f801cebef533bc88a15da6788f2a4e7273f8ad244e

SHA512
8747f31a11016d15a6ab2862e40b2bc91da749f2995daea27914e19a8ea90bf7061fb6bf05d8eaac2f1c40c9af6597f76d1fd22c552f709f1f60c722f2a8af06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e5d8a214731323907ac6b9658e000efc

SHA1
99384e17dc54577b17928713d007bbc7bfce4994

SHA256
f39234235fb9c72cfe79000eb39071cfac713368d901008e09fe68e2108ad7d2

SHA512
0dc172f6da45de9b0d2af85830b66378beba92132d62efd865843d8ee28b8d38f26682975dc4358b396734e55f92580cb1663dd0c10f04ece6573a7ec4b5b138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
5546f2ebb2d44744f3e1bab3c0ae503d

SHA1
e619fe8bdb3b82f71c2dd2be4d503552cfda0ab3

SHA256
ac3fb51fd6346c903d26b4e78e7c0cccfd446f893cd0f2f077be8de45141d6f5

SHA512
d5e7670ce6736ac5af672d8ef14bb6d01a389bbc4fee9e5140bf69cc036e351f8b570e1a5ceb059079f9b7fb73edc9fbcc2f61fb8cf7ae1fd3042a1dfe40d58b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
40557db174e567e0b99ea565df079668

SHA1
ffeee96aa2e4cf0ef39a7af550383912a34dd284

SHA256
33ed274ff79d3529e874f60475ee546503e26d7855a193dca68e3f616bb6c54f

SHA512
7bbb4d29b67497bf8729024cc65e56d1a274b0593b2180c44b5b9aa4be9d8bdeea784541f179aa1388ec1d58e1d6a030d4786d38c31a8777fb6374030c1c4d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
fd9244c861b6254cd6081705fdd75055

SHA1
d4b4372efa8e4d058928b60b6260314b5f54de5c

SHA256
f8f475c1b671c94eca5692fd21b13edd78ef5a3e9545e9d0c335206a223af330

SHA512
033ce1f6c2c4f704cd5aaadfb3a8c40817744ec6ea4013f77cfc6313d68c2fa1a8ee26dadea368d98ff9e4bcf93cd94909c099882acd79876bfe2ae5c46155bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
d8f6f35c2054a00f68916fc38de4ae58

SHA1
31f850f5ab4e0f30033e60090970995fd4aae830

SHA256
22dca4d04801313f5ae0c833e134cf9c8db83acd7200d369263e784947cd94c3

SHA512
39bac1f641aae3a7dec3f826db38c56a1af093d6121c1ab9b6456ec772ec201945dc3d9dc9df8b9e73b34b500d3026a5e14ea34d26bcbd2fad40741f5dd73b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
e73f0c6b7be68da64f815991efe6fca5

SHA1
cab41d3995a916e18ca61a993fabd78c6fae29d6

SHA256
e8aeb69fa1dcfdc111b707ff2d488948e3e37a75d1c045125b84dfcb2f37d3e0

SHA512
c28c28f48050175065f3fd25d29e7542711ee1cedbf388fe96a621be8d7de14a27b23fdbfa038f00bfbb3036ab6244aea1ece39ef030b5f8490dbd5a34d1b2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
3f35c1e4098e04de771fb3a26801de9a

SHA1
e524d0946cc2b9985c707df3e76fdef0dbd05c88

SHA256
d3dbda529f3e863110a9aba161e03c2bdcb6cf1818adfcbefbd7e3de1d626434

SHA512
31326a54ec93d0ca1b2981794655d60478c17e374ca057c4693b187eff936ec3f564b86dbfba04e59a1cc9786fbe1eef22d1aa6ddc7fe1396b58f0bd46df295c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
24KB

MD5
234f5cbed9afd1e85745b6835014ca0f

SHA1
e33639e5e2a0b199df12e0e94715ea3b6c32b2d7

SHA256
a2779aa7ba95645122acbfbd018c4e9970fc7abbda951bfeb75199742cf6c0db

SHA512
9038aa6b649362f3ed86fc6cecc421019657f08e96c0b100efbe58dec890870896b3b72991b4e02b0813b4dfbe40a3335b76db3d1670af067d64aec42ffc4390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
9c1090278857d48412eb86f7984f96c0

SHA1
87081dea92eefefbc5bf345ea05644cd03fbd340

SHA256
be64a30fa00cb60eb8aae04a428ff4a58e9147d952cec490ec56d755697ed30d

SHA512
0b3662c4f96e0ba25abea80a959b96d586c3a3093d6dab484474033d27a22141fbdcbfe6499aa16b4b9d5c13541ed7a23f024f0881b36e65573e230fbafd6aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
3d95223eaa50f1e83ec53acb7919f286

SHA1
2efa4edd7c56774e51407faef25cdcb568a16434

SHA256
7b480c92b78be12f7df8c2e58ac1400d3048a4309385822d960bee2916eb678c

SHA512
bc2297e34b65a814d6e767c94118e650fb5e46b742d53fb8118a60717530e4d4ba464e7eb3ed49669f74fe12527de4bb4bb0f1f745043a952b66ddfac539d024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
1KB

MD5
e57f4e7c508e9f6940d29abe52e58aac

SHA1
56fe830453c0a1fe61439146744bb5d74dbd4bb9

SHA256
d3d0d45e0e15b258f3a8caf6f7201bf68aea96058438c004113f2e7fbec0f6aa

SHA512
fd33ede0ff6613d4bb5333f9767c8428aaa1ec8442b6be36c03e6d9fd76eef5a8b34b25e94fc0584481f814bbca43baee6df5bc193d0b8e2c04c3eeb743b2aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
9893b31a397c51f7f5909ef32f1fca50

SHA1
6b1cf2cadb0abe7fc1ded02b35f5046ab87a4e4e

SHA256
e6c07ce5c5e362a331810f91963f435f4c51de189c1761380747cf7150ceb9e1

SHA512
a273167766b68c65b305d6b0a246f3d41ef06619a2fc93d9c6d5fd6772cfe2c9593a27ff04f5d01fa31f9d904b85306b37496daa0c3d580206f9a21dd7d1b7af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
7964016a437d0422d343198a6fe451b6

SHA1
9c7e957db2629c6c1177c4076579ab9125dcb7fc

SHA256
387abac3608a956528c884f5c7bbf205c521708e9e34786b469aed8fa05170d7

SHA512
b9afaa9546013bb5ecb248eec355d622b5455b92419cf49ccfed1e921e08854a6e782008ae71e44afa84226257df91a7affd34cd0639a6c3831f8b86fa396d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
edee0847486b8b00f8db441f2c6e9604

SHA1
bed3af3c81ea13ebc33c2948618df3b69b199ddb

SHA256
9f01705e3f084bfee203b15db4096a24fc435fd1ff48a37b4f56f43a277ec937

SHA512
c25f7193303671f330fe1a77a6f671182d8fb5d3a567ca381b88e7b9568fbb3687f1c462e6dd453d29409df51e697e4126a32dcd1823d333ca46e8601716621f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
fc70239da878d17b221c97241f117fc9

SHA1
5299609614335fc3b1b8716e7c1ed9ae03414752

SHA256
b2dde1e026057194f51b43119e7a0feb204f8f5fe9f34903267f2be97246bdc2

SHA512
1af463b0bbd0e05d6185cdb370357caf241fa88c303e03610498493fe588e0c13e3923949ae05b2f000fd04ccabafbfe2f3606ebef455eeb97a06ba0490fbedd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d3e850829eb01f969aa68f9532c89f03

SHA1
79a34afbbf5be6c7e62752275c76946445216ffa

SHA256
3a6c07f0aa6c782925f807ca51b1bf5c185e49a4294d5457f3eb7d61040d397e

SHA512
90566ce45385e2b530305c6b64442d862981c8da85c2e5036c18527195dd3523f0429cd293a52b9153e4730147ffe0e9160ee16d726f97df142644c6f741f0b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6563a88c7db0d7e6917115df248a4845

SHA1
05e37103f1cf1ede2ae34f8744e6106c5e5f2870

SHA256
b02399ca4450b605e05adf214f3db8c8d25cf70e699aa994ae4402aeef21ae60

SHA512
1332b78bed91bd2e548925daf1ed8cb30ff5fa088d654d4b6b6d3f3a7b7e6328c76fcff91a6a134c5ca3a1188a9ec87391851492229feffe9793f0a0b7474078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
882f9efad0f31ad3114f4d008e82a0a1

SHA1
37b5697dafe8cf9f430f5ee8d10252b8b6b0876a

SHA256
033a77f02b0c7ad88b6c3c298f24a66627569bef56ed3c4acb31cba610d2c385

SHA512
9bcea66e35878c3dd8f5fa2e3a04da8047c38b0d52d76a632a5a965acf70d4ea5616b6a2bfb3bc5b9518d9760e1d19a4b54feb19ce51f5da40c5092924b15352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
f58694d3f1ea71cc01ffedd7a0e3f806

SHA1
c8b5ca6b71523bfa8c43da6c049f71c8cafec13a

SHA256
e756b43122b2e41e3d6489b180accadc11c4f3c0d6e52c8ce436ff5a28d87c83

SHA512
4192461f90f7c16033ff32c9f2022fc6660493823dba96d0d719ab93f116a5dec7931c5852a46fa66257eb85ba9855b92d1113768fb9c15cc142613cac3e678d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
87cc840c75fa736204e5135934bb8eb7

SHA1
945a7505f8548e9067bb35983f60433c26cccf01

SHA256
f5048b0350aa19151a3daf709d55964ea62a0f1412ac51fc458e93e22f9d2e44

SHA512
870bff7a0e177ad150a1366af7f09406b779b9eaf6fc6c3a620325f0e9ec31846363a3a55de1d3b2f26621c4622459aaeab3bf71c55c6cee913972132945167f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
eb78e9a3b6c61363264fa608e2f0ca5b

SHA1
f7b5ba8afc0c81557a6852b5b395bcbccc71d244

SHA256
bace39b2daa53d528a7544fb8d95fa5b2c00265b266b583ad09c7c7470c9ca77

SHA512
4d58dd5f2684d83c78700677ad765e1da224defc53751471e4ca69a0f499ac6897c256863f9fd4b26a73c856c5680de6696aa0cfa13db2af9df66af3a95168ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13360846052673487
Filesize
5KB

MD5
08f784ee79994067b88c2947964739e4

SHA1
b4af98d0b68b7518504701ae39c7fbe59daeaeb5

SHA256
6a19ea30eb12a5a3fcbdb7816e99cfa6b5e6d79a6263ecef735d9f88fe008792

SHA512
3ced04ab6679a4960352ff68b602c1d71dc2593de8266afeffcae5533bb4e4459009eb5eef7b190d76da25896f3c313792e4472d5c5df090e22cd20ff685ec03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
184B

MD5
f84f6797a922f5b3d40e061872ada980

SHA1
3214909f4492bcf6956c6baf79f546aadd8280f2

SHA256
4663ea79c7dcdf8fec167455f85ee956f8c0db00865b781b8af2cf97b24e289e

SHA512
5ce379aedc49185c40d18eb6dbf80f9a249e66c1439d84109864cbf86a5f670a5a47c2016919111add718b009a86c553b8fcc7ddaa761455090e3587d53584a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
1e1e5578b77dfe4c0d7d010e313fc06a

SHA1
5d699c988fb2fa21bcdf0b77905ec5f97253aabe

SHA256
96b87c76eaf0a940e51d58c34a7eee4c449bc1436dabf9b9a5526295215cf57e

SHA512
5dbd851846a836031420627e0409bb9a68399d53085436c74efda070b32503b82521d2ad4ee66d30a09d9140fd31adf8d8dab3dc34e3c2fa057fcc915752228b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
b582325841c21ae88b32c49072d20ddb

SHA1
227a47b1949554ce45a5a9e16425b5de09b16549

SHA256
f7981522e590f63d9757bc2dd47fbcf79d22e64ba077fa8fbce827d65f568693

SHA512
22cef0004f9a02c6ac4d175da3fb5683b02094d89ab8feb2819bb95bb458f1c28d145f06f8ba73c1bdb6e45b7917a73af4c3d452a0e82359ab57980100589457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
f8b99d9873ab7e695b8f26cd8fc32b81

SHA1
7b1d83d80d23dccde85fb8a2b7694967f43716b4

SHA256
c908a17c728227a1a007294d871e1b1fd5cbbe854e5b21af09a8a37cf93da48f

SHA512
442dd8f7f37f16ea5cb97c6b9b99b5434bc8e6746c64fc09d2cb5e6446ae1001d13b121756efe4ea92297e5be1c85eabbfc0a0064471ceeb35d94c3d2f80eb35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cc7c0ef0-73d1-41f6-8993-578a86a7e966.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
29adc32b6d707168d80cab223aadaf04

SHA1
0a86c0c3fb785a066b722196ad5742cd0f26a34a

SHA256
2abceaae4b0fddd3f533b7da0ddb3a221415f77c5208a8ec793f355f6650d558

SHA512
bf656d32bb593af07a43324e3ebff78a0c775d484d63dcdd042e98b49e96b6be83bb219b1f2012bcdcec7bdbbea8f22f6979a7d3c56fe1e1aaf58684d984cbd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1ff1b75bb67c6479af81026a005a8baa

SHA1
cf8c57537ed89fd59eea4d27402d3ca954cb3bf7

SHA256
1c780f1c5d22d7465b2d787a17bc191496e3b07c9b3188e190902828f244699f

SHA512
92bd0e1f7dab65cae37c0ebdb79a619471d507321ef8f30883090c965d9754f40a389377b211a483b47ff374be49f3c4e033a79a762024122cbde23164de1c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
99e0e159980b32faa15bcfd9d1f3c794

SHA1
a5271cb4795e82938fbc183dc8d5f83b9dc6fe6d

SHA256
59f683eae389f18de124d4762d1981c52395ccc1ad0d82d91930d0109873b5fe

SHA512
a54b168db025e11a1f792ac088e701ccd4c68f8551def6ab2e93e4e17c5dd962026cfba16e079209381983d348c63a64c39f1847fff6e6d37b649ca5e4fc1ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
376ecacf0b8953760ff7de47dee5d70c

SHA1
ba1c7c5fd84c5e0994cf3ef38ab7000553cac673

SHA256
b0a778844aa1bf98ab2b1a18afbc9848206b9a624acd496c8318b3d22b6fe221

SHA512
ed7d8286162992e8470a4b4e19d6240751f6e20bd9f6cae235c10f976407485c141f5d39da9eda76615492fc277b0cde447f597f3a1a6dbfc7dc58eb754627df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
ee8c42b31d4b4b7dee1908c2ec179ef0

SHA1
cc8701ecc35b34c07b46a52d386d9bbaf2758079

SHA256
2e5092a8d9330e8a7ca7faf99188648215675d6e8a2d2b7b2e1f60e6c13e8289

SHA512
99d0f3a758627bb0d919dca252021c435a54e9522cc5d8fcb368b915f7388e205445b9c24d9dd1578dde17c9fbe68ba5dcc5893169b385515f1d904718aac223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
55288a9a34191336c6e97ef348a66a37

SHA1
42647358326cb874a080df809382b8ad8a7f01f2

SHA256
f4e91c557006a2d7402aadfe1d33361c4f820dbe3702f4f734cd337bc1758200

SHA512
8af84be88db21a85cb647940656503571c6b6a3203a11ce95ac7c5630a134cbf8443d90c74d281c395f245d015107e345d26d6688a9abe73f4eeba855494a0ae

Download Submit
C:\Users\Admin\Downloads\ColorBug.zip
Filesize
28KB

MD5
34071c621da9508f92696709d71bb30a

SHA1
5817a14b8da5da5aecd59f5016c2b02fbbe2f631

SHA256
ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd

SHA512
eb4c3b5ce9a4d6e979565d44c1a1432272bd2b9d1b83ca6b03ddc9982a5a6c341126ba71bbfd0e8d443ffa93265b6d205c187f586ff0bcb708965d2db6c98b45

Download Submit
C:\Users\Admin\Downloads\HMBlocker.zip
Filesize
38KB

MD5
5968e8a8caa61b46ba347f8c521c1f2e

SHA1
88f9a7ce6e77d191c9a57ecf238ef5e9e9ba6c7c

SHA256
a181f8925c8c66614be38de89e6dc38cf85715379a10de8d9f9d70b04891ca35

SHA512
6b0659ff7a5548cd1b752a72a70b147d1c9676dce14148430961a7b5204d4e3a42de5530d423ebb879f8e5c72785a45e5b20bd40cbf93cfaefe981534e96cbe3

Download Submit
C:\Users\Admin\Downloads\MEMZ.zip
Filesize
8KB

MD5
69977a5d1c648976d47b69ea3aa8fcaa

SHA1
4630cc15000c0d3149350b9ecda6cfc8f402938a

SHA256
61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc

SHA512
ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

Download Submit
C:\Users\Admin\Downloads\Spark.zip.crdownload
Filesize
1.6MB

MD5
860168a14356be3e65650b8a3cf6c3a0

SHA1
ea99e29e119d88caf9d38fb6aac04a97e9c5ac63

SHA256
1ae2a53c8adc94b1566ea6b3aa63ce7fe2a2b2fcbe4cec3112f9ebe76e2e9bf9

SHA512
0637e4838beded9c829612f0961d981ee6c049f4390c3115fed9c4e919561ad3d0aa7110e32c1d62468a7e4cdc85d2f2e39a741939efd1aafae551de705aab61

Download Submit
C:\Users\Admin\Downloads\TaskILL.zip
Filesize
14KB

MD5
f3f982622520af32cc86d3a22f352af0

SHA1
99b7c8a8afa3cfc7292893d7b2253a581249d9d4

SHA256
653b5c625dc6f24dcab5aaf33e77fd3c994f4783884c21d0a71b5c1fefbeb4e1

SHA512
27482f0293b88c1a31dd1132401b4df19d3636f1a31f2b607ccf9a28dde0165381d65d9d0c492ab6c300bd1da0aac9e8df8c7cb3394cea35c90ce1a544a0576e

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_3044_QWEYFLYRWIYSBKMU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3404-414-0x0000000000B70000-0x0000000000B7E000-memory.dmp

Filesize
56KB

Download
memory/3576-515-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5200-1066-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5200-1065-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/5200-1064-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/5200-1063-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download