507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388

Resubmissions

Analysis

max time kernel
275s
max time network
308s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
04/06/2024, 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Delta V3.61/Delta.exe
Size

17.0MB
MD5

774ffee84d8e760761b8819edd2bc252
SHA1

74ff2bcc3baf64790181b97dc09ab951d9440379
SHA256

3c2cbcfb0dc0b92e1a0f15e725a1f8c4756a990e298098d94087cdd3fd491758
SHA512

935624fdaa9ae57d4515a456a9383c20240988848046fcab69948450413e573167c0f17a456f0f5120ec13e3215759ad11c4857873900606116c3e495dd69650
SSDEEP

196608:LOM8QZXcqPrn0guhegnueaIN3l4X+yBXeLUpcgwBj9aR:LOM8EmegnBaS1C+yBaUpcgwBj0

Score

8^/10

discovery exploit

Malware Config

Signatures

Downloads MZ/PE file

Possible privilege escalation attempt 4 IoCs

exploit

pid	Process
8436	takeown.exe
7832	icacls.exe
8408	takeown.exe
8352	icacls.exe

Executes dropped EXE 4 IoCs

pid	Process
8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
5412	saBSI.exe
7636	rsStubActivator.exe

Loads dropped DLL 6 IoCs

pid	Process
8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe

Modifies file permissions 1 TTPs 4 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
8408	takeown.exe
8352	icacls.exe
8436	takeown.exe
7832	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	discord.com
10	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2388	3056	WerFault.exe	78

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 4 IoCs

evasion

pid	Process
7884	taskkill.exe
6696	taskkill.exe
3744	taskkill.exe
7740	taskkill.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{2527EB51-A871-4A5F-BA22-43875BC5F5B9}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	firefox.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 605506.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe:Zone.Identifier	firefox.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 203758.crdownload:SmartScreen	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
3124	msedge.exe
3124	msedge.exe
3700	msedge.exe
3700	msedge.exe
5064	msedge.exe
5064	msedge.exe
8	identity_helper.exe
8	identity_helper.exe
3468	msedge.exe
3468	msedge.exe
5916	msedge.exe
5916	msedge.exe
5916	msedge.exe
5916	msedge.exe
7748	msedge.exe
7748	msedge.exe
8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeDebugPrivilege	3056	Delta.exe
Token: SeDebugPrivilege	3984	firefox.exe
Token: SeDebugPrivilege	3984	firefox.exe
Token: SeDebugPrivilege	3984	firefox.exe
Token: SeDebugPrivilege	3984	firefox.exe
Token: SeDebugPrivilege	3984	firefox.exe
Token: SeDebugPrivilege	8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
Token: SeShutdownPrivilege	8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
Token: SeCreatePagefilePrivilege	8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
Token: SeDebugPrivilege	1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
Token: SeShutdownPrivilege	1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
Token: SeCreatePagefilePrivilege	1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
Token: SeDebugPrivilege	7740	taskkill.exe
Token: SeDebugPrivilege	7884	taskkill.exe
Token: SeDebugPrivilege	6696	taskkill.exe
Token: SeDebugPrivilege	3744	taskkill.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3324	helppane.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3324	helppane.exe
3324	helppane.exe
8116	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1112	LDPlayer9_ens_com.roblox.client_25567197_ld.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 3700	3056	Delta.exe	79
PID 3056 wrote to memory of 3700	3056	Delta.exe	79
PID 3700 wrote to memory of 5116	3700	msedge.exe	80
PID 3700 wrote to memory of 5116	3700	msedge.exe	80
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 1072	3700	msedge.exe	81
PID 3700 wrote to memory of 3124	3700	msedge.exe	82
PID 3700 wrote to memory of 3124	3700	msedge.exe	82
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83
PID 3700 wrote to memory of 2832	3700	msedge.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe
"C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4TfpR6wUUu
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff14d13cb8,0x7fff14d13cc8,0x7fff14d13cd8
    3⤵
    PID:5116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
    3⤵
    PID:1072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
    3⤵
    PID:2832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    3⤵
    PID:1784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:3748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    3⤵
    PID:4964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4688 /prefetch:8
    3⤵
    PID:1284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3476 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:5064
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:8
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
    3⤵
    PID:5864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
    3⤵
    PID:5872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    3⤵
    PID:1500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
    3⤵
    PID:4660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1336 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
    3⤵
    PID:5844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    3⤵
    PID:1200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
    3⤵
    PID:1228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    3⤵
    PID:3000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
    3⤵
    PID:3356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
    3⤵
    PID:768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
    3⤵
    PID:3616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
    3⤵
    PID:1720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
    3⤵
    PID:5236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
    3⤵
    PID:3928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
    3⤵
    PID:5640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
    3⤵
    PID:2104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
    3⤵
    PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
    3⤵
    PID:1244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
    3⤵
    PID:5920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
    3⤵
    PID:3080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
    3⤵
    PID:5916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
    3⤵
    PID:652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    3⤵
    PID:5488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
    3⤵
    PID:5824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
    3⤵
    PID:5428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
    3⤵
    PID:5236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
    3⤵
    PID:2192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
    3⤵
    PID:6228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1
    3⤵
    PID:6292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1
    3⤵
    PID:6304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1
    3⤵
    PID:6464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
    3⤵
    PID:6528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
    3⤵
    PID:6708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:1
    3⤵
    PID:6716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9204 /prefetch:1
    3⤵
    PID:6724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
    3⤵
    PID:6920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
    3⤵
    PID:7124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9792 /prefetch:1
    3⤵
    PID:7132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1
    3⤵
    PID:6064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:1
    3⤵
    PID:5372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
    3⤵
    PID:4580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:1
    3⤵
    PID:416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
    3⤵
    PID:6256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
    3⤵
    PID:6272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
    3⤵
    PID:6288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9352 /prefetch:1
    3⤵
    PID:5772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1
    3⤵
    PID:6248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9716 /prefetch:1
    3⤵
    PID:6732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:1
    3⤵
    PID:6384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9516 /prefetch:1
    3⤵
    PID:4252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9356 /prefetch:1
    3⤵
    PID:7076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
    3⤵
    PID:5524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9484 /prefetch:1
    3⤵
    PID:6048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
    3⤵
    PID:4144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1
    3⤵
    PID:1556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10012 /prefetch:1
    3⤵
    PID:1596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10364 /prefetch:1
    3⤵
    PID:3372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
    3⤵
    PID:6684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
    3⤵
    PID:7172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10272 /prefetch:1
    3⤵
    PID:7284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8420 /prefetch:8
    3⤵
    PID:7396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11244 /prefetch:1
    3⤵
    PID:7648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10380 /prefetch:8
    3⤵
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID:7748
- - C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe
    "C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:8116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10804 /prefetch:1
    3⤵
    PID:7816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10884 /prefetch:8
    3⤵
    PID:7980
- - C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe
    "C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1112
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill" /F /IM dnplayer.exe /T
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:7740
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill" /F /IM dnmultiplayer.exe /T
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:7884
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill" /F /IM dnmultiplayerex.exe /T
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:6696
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill" /F /IM bugreport.exe /T
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3744
  - - C:\LDPlayer\LDPlayer9\LDPlayer.exe
      "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="C:\LDPlayer\LDPlayer9\"
      4⤵
      PID:5100
    - - C:\LDPlayer\LDPlayer9\dnrepairer.exe
        
        "C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=197450
        5⤵
        
        PID:7880
      - C:\Windows\SysWOW64\net.exe
        
        "net" start cryptsvc
        6⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start cryptsvc
        7⤵
        
        PID:5348
      - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Softpub.dll /s
        6⤵
        
        PID:8948
      - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Wintrust.dll /s
        6⤵
        
        PID:8268
      - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Initpki.dll /s
        6⤵
        
        PID:3020
      - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32" Initpki.dll /s
        6⤵
        
        PID:9424
      - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" dssenh.dll /s
        6⤵
        
        PID:9028
      - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" rsaenh.dll /s
        6⤵
        
        PID:8980
      - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" cryptdlg.dll /s
        6⤵
        
        PID:10228
      - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
        6⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:8408
      - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
        6⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:8352
      - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
        6⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:8436
      - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
        6⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:7832
      - C:\Windows\SysWOW64\dism.exe
        
        C:\Windows\system32\dism.exe /Online /English /Get-Features
        6⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\642F4236-4446-462D-AF7E-E664BE35B8F1\dismhost.exe
        
        C:\Users\Admin\AppData\Local\Temp\642F4236-4446-462D-AF7E-E664BE35B8F1\dismhost.exe {8C06A805-D1C9-449E-AF89-19646F6BBA99}
        7⤵
        
        PID:9012
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 3360
  2⤵
  - Program crash
  PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3056 -ip 3056
1⤵
PID:3464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:764
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {737a31eb-5a40-4879-9f5d-8a86baa74f2b} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" gpu
    3⤵
    PID:1312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2328 -prefsLen 25491 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d7a59d1-d4e8-4cbb-a4f6-e029a8babf3e} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" socket
    3⤵
    PID:1888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 25632 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2300e40b-83cc-4e0a-8dd7-f95da946cd56} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    3⤵
    PID:4864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3568 -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3232 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d34b5cff-322e-4d96-9d26-895d3e0e2786} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    3⤵
    PID:4676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4740 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4732 -prefMapHandle 4728 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a5030a2-355c-430c-938d-fd190f5ae8b3} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" utility
    3⤵
    - Checks processor information in registry
    PID:696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 3 -isForBrowser -prefsHandle 5440 -prefMapHandle 5472 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0df6ef5b-2878-4a2c-97f2-d765e8c0e2d9} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    3⤵
    PID:4488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5452 -prefMapHandle 5448 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf8ba2b3-fdf6-4eb8-9c26-3a22ac983173} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    3⤵
    PID:1844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5616 -prefMapHandle 5488 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c079db15-7714-4967-b760-b0474b6304a3} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    3⤵
    PID:2272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6196 -childID 6 -isForBrowser -prefsHandle 6212 -prefMapHandle 6208 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8b86e01-e047-4530-963d-d7bb7d06b617} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    3⤵
    PID:5516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6560 -childID 7 -isForBrowser -prefsHandle 6564 -prefMapHandle 6548 -prefsLen 27965 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {456cc1f0-1dfd-416e-928a-508a714ef511} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    3⤵
    PID:5344

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=517009
  2⤵
  PID:5484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff14d13cb8,0x7fff14d13cc8,0x7fff14d13cd8
    3⤵
    PID:3376

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
1⤵
- Executes dropped EXE
PID:5412
- C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
  "C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
  2⤵
  PID:7920
- - C:\Program Files\McAfee\Temp1656029198\installer.exe
    "C:\Program Files\McAfee\Temp1656029198\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
    3⤵
    PID:3272
  - - C:\Windows\SYSTEM32\regsvr32.exe
      regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
      4⤵
      PID:8332
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
        5⤵
        
        PID:8968
  - - C:\Windows\SYSTEM32\regsvr32.exe
      regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
      4⤵
      PID:8292
  - - C:\Windows\SYSTEM32\regsvr32.exe
      regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
      4⤵
      PID:10188
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
        5⤵
        
        PID:5996
  - - C:\Windows\SYSTEM32\regsvr32.exe
      regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
      4⤵
      PID:8336

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=3d8d521d20e0420170266ce4f4398e094d32e2f1&dit=20240604143327867&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i
1⤵
- Executes dropped EXE
PID:7636
- C:\Users\Admin\AppData\Local\Temp\sfk20czv.exe
  "C:\Users\Admin\AppData\Local\Temp\sfk20czv.exe" /silent
  2⤵
  PID:8140
- - C:\Users\Admin\AppData\Local\Temp\nsq8CFC.tmp\RAVEndPointProtection-installer.exe
    "C:\Users\Admin\AppData\Local\Temp\nsq8CFC.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\sfk20czv.exe" /silent
    3⤵
    PID:8
  - - C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
      "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
      4⤵
      PID:7680

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
1⤵
PID:4116

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:9536
- C:\Program Files\McAfee\WebAdvisor\UIHost.exe
  "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
  2⤵
  PID:7108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:9884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:9600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

Filesize
72KB

MD5
a7b0dabf4a52b6827c35de1e05111ba6

SHA1
21065f550492165d5290446e433e0f9cdefaeecd

SHA256
b92f20569bcb06eb12a87d278592af03f564281ad9803eb8ee748eed0c4afbf2

SHA512
5c4996df6335d5cf045f09d04ccf2382306ab4ab962dc2ab1889248df00f1470a336724bf137986df7be60e6b5b2417d75e4270b18f3f87fb533a8c1c530ed3d

Download Submit
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

Filesize
795KB

MD5
3068531529196a5f3c9cb369b8a6a37f

SHA1
2c2b725964ca47f4d627cf323613538ca1da94d2

SHA256
688533610facdd062f37ff95b0fd7d75235c76901c543c4f708cfaa1850d6fac

SHA512
7f2d29a46832a9a9634a7f58e2263c9ec74c42cba60ee12b5bb3654ea9cc5ec8ca28b930ba68f238891cb02cf44f3d7ad600bca04b5f6389387233601f7276ef

Download Submit
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

Filesize
334KB

MD5
135353974cbebf94b8bc48d682f8f5d8

SHA1
0d8911efa7759516fc80961ec42ed6e15764ceb8

SHA256
3da6db19e909805066bb41b1674b76b9b1946e99aefdee3ef96a0ee73b9914c1

SHA512
1896e77b05162f9624ecc2139866186260b1adfb6a1918f04f9696dde2e7b5b4c2fb64533c20abc44ea0bc42afed692381cff956a458b1fb420e5b490f26f998

Download Submit
C:\Program Files\ReasonLabs\EPP\mc.dll

Filesize
1.1MB

MD5
c85b6e5cbc8cd0cd668a95378cf2339f

SHA1
a53d71a00a4d1ee74de71543846ddbeb568b29a1

SHA256
ef6f5493f21fa5fdac8b6b669ac6dbc0923e5c7c794f075413f27ca6ebeeb4b1

SHA512
7067887375c5aa40b1732d648185a0d231b8d87a43b63fb3670dc5099a56c7c7356cce43dc48cad6e96c1585fdb2955afa8a50d3a1c7df1994e80705f76aaec2

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

Filesize
346KB

MD5
fa16d0dc50b77c9f8703b5b36d774107

SHA1
ec426639f3bf3a563491ac53b70bb5eb92e5c314

SHA256
94ad9f2b387a5e6cbd0f7b2259e37533ca80aaa69ba044db6a022661eaeb606d

SHA512
b2e50634a6a7a116c71bb56dc045f29f79abd5d831ed1ac4a4fb7ab6a452321a814b9877b1c98cc0e185c6b6cab5bfe3e9435a43f9f4d1ff4d515109779372cd

Download Submit
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

Filesize
2.2MB

MD5
4be222b0796df9d496e9ff02c389c304

SHA1
a50131cc3683aed3c32847cdd0b8b976951296ba

SHA256
ae6d512a1d4f0f4b91a699c80eb6b97acd3bc59b22375a3039d74b58b31e9c2d

SHA512
26cccea83b3f1dfe84c63cacd4698d9eea373219cdf810f5dbc1ace313b1478d753eb5547ca186076e878883b462364dd80136805d7aadabd5917cf485a55eaa

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
1KB

MD5
2707f8f8f4327ec6e96184de1a101c5f

SHA1
6b92a33f4c6a20c1a67d833b9aec3dce9ef9c14e

SHA256
cd0b248b21b19e7a5248037abac6411b3f6f5e692fcf99172d75925dc5867bad

SHA512
f71628acdc5782add5fe650d24e243a6d017ddfa5154360e09282d761d843c5d589fc297f9000ce0a0922ff3334ba5d15123b7e34c32bf28e535cefa4b1a8a9c

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
4KB

MD5
94d0d8e600ee8a2c7c41453d983b0cf2

SHA1
8c75dfa3099a833b7f82285a2e7a160c86d53385

SHA256
694ea1e27d76550a48baf29604c33ba6ae3948a9d9114cfdddf28162e7fcf67e

SHA512
b3034028425c6119c08e999d9bb00815840285649abe5815b4f36ad583879cbb235b455f73be0a53fffa6901ad5014c144f4c0f26c62ca8aad841fa143b5cf1d

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

Filesize
3KB

MD5
d30d75449d4a29b5871d9c7ac9d09520

SHA1
37d0f7da88e68571c07d5aeebf1f1443b1bec894

SHA256
4bbe763b5ff90418ba4131d3675a256d403f946b761a4a3524b5b221860a9434

SHA512
e0694c7595391e3a46b183c0245d5f91e50400f2722aae7435d17b3a8a421ac681b2c6fbbb9f793408af24fee9016eb15a5a3ee21d6c35149ddc6a365a3e8b73

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

Filesize
4KB

MD5
4092851fb7b463190aedf30087fc65fd

SHA1
c3527c0018c2b5dc5834ef5fc6387fc23558fd3f

SHA256
322b35ffa37c261016b83bc635119e55c795ed8b20620e4293c9fe8d45917991

SHA512
af2e0fef55978dd223923d5319fa5f8bd3be24a683af7c5cfa6d582ef1f6ed32584c6e70bc54a50045b4065ef402afe01244ab1b275d93f6ace8bd4f8bd67778

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

Filesize
1KB

MD5
7423763628eee95de3d25b84c30c5b3a

SHA1
221579d554f917429beb6110cf422d94ede141ca

SHA256
11efb025f8d76eb224c0db50e2e6c478f3bdc2d93aea86f33c5375595124663b

SHA512
45c406d8dd7a5eb05183528ee8581e17f5509908cd2a12b9c65e749649f5a17567c4f96938c6d6e66234e72903111f1754cee22ac4e06e363a92d15aa6ecbdf9

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00200057003F001D0006.txt

Filesize
584B

MD5
8f49a2b1faf5af62548666fe5e04e899

SHA1
ba1145726d7ea87ea71acd14d98c6f323bb03179

SHA256
e03b27117faaa5a7e04e3e29ab016d30320ff00840d787c20ece54f5ab6edad4

SHA512
a6a9c0d3174e3b6b40e926c8809b0023bdb39d97ae83fb8143532c5d82f1a9a5a3f9bf516c5f8f1f01b74c38f6356a00c46142c462d819da924203b712a264d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
64KB

MD5
9a8ceef2725801e17be5c55b0a7b6887

SHA1
567f8cc2c9704f0f9186e50bb7ed9582bc3ac924

SHA256
c34f0544214631ecebb3d75ea3e9876f8096703b293266fdcb6426952fc98027

SHA512
57c534210f5905ae7d74e3adb6c39ad3d387797786b9a9b8def51508f83b83e97dbca9a48dd0bf38dadb6ea81dc5769d704c8ad58471baf727866eb06c2c4dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
143KB

MD5
e279b5e0a16e5828f623ef1079b67b75

SHA1
3b78b6a493a6e453973f828b615cf13a8e7a97ff

SHA256
46f18aa0c06fef19a1afaf16f54e2ab6b8c8fbcd76fd8af2da4199a03a7e5caf

SHA512
04d6f716e89183d97b918b2985ac9eea749364d21795bae6e53bbed05588e5ea0e08ec62c686beef55e64999321f8ef74d1a00f85b5778470b744ad6f95bb47b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

Filesize
75KB

MD5
70de1f52912e7ea07c158a80bf841fb2

SHA1
ce6a7d12ff7a2b008d1c27e17d0183ef44ec4ee5

SHA256
f0e881ec68c72d09f856ab4005ecdc633ca244ca2a59e911ea816dc6c50acae0

SHA512
fde93436cedb836222f24e70fb5ce846af4eba283db460adf23ad622a4438f2347787fe7a025c6aca956cb0e972f055f26483dbaa31d48a2e94c70bb962e2361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2

Filesize
19KB

MD5
69ef77257c7fa3a494a232f90b05d55c

SHA1
19dc83dc05f718e9693de231d48bf0307d8d29a2

SHA256
d1ec04bcd468208a30012d660d1e857bd9d4d937957d45bb10cc7483de435421

SHA512
1b95ee10d622e1468e04691dc47fcb59da6349ba8cdc0814ac8d27a0ebcb9c09692ef1b86533ebd59f2bca87f3340cbe032a011223afe4e7db018af47bab38ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8

Filesize
19KB

MD5
856a3daa268de8801e7cfd5b727b6de2

SHA1
8e099b433518980e657c7541c49b498e6b83430d

SHA256
b870ae3c5216311e1dd7b8662e01d1fa3326edc85a98a58247cd37b8cfca0be5

SHA512
2f191ea906a3551576ab14e607fdde9930fcb15f15ffb40a8c5999ba07224bbb8ea69918db11d1cd719a3d57510edd466ad2b9199c6a45a48463b0020a2e6eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0683aca8f50036b3_0

Filesize
33KB

MD5
e2182948f1cf59e7cfb90b732a36690f

SHA1
35ff1cb9d65f82ce79ad83d59f0b901393914944

SHA256
47383267b30f7ae0e4667aead18f43c1d7a5c86612ee285932871232b301f9d2

SHA512
ec8f3cb04df4429cfed1b33dad09590309cf561c75ee8613476808f3fa81c8d440aa9a9ec02672d161d4ddb446b8ae37d5b42a75b61eabcb9103af802102bb29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
0d2b7c7f8993a11a3495c9654ffc282b

SHA1
f78c05bde4892203ec4694540ed336c2e2982231

SHA256
05ccb0268f6bc9874e55f21ba74819523fdb96ce668485cc47e828617cd925e4

SHA512
bffb1445acdfe27d199bf49adc770dcb3eeb163d20327cf5c3b03d2e700fe2ebc9f7ef1a85623e575fb962bbd0465d71bd55efe6320b1f661fbaf2be967eb553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
7736ccfc96e3c7312ea36f20a61d7b91

SHA1
a7d6f309ce87bb3d603925b185df853df78724d8

SHA256
3f7f71a12b092f9b16b7a360eda123fd626b1cae3614849a6646eef65dd985fb

SHA512
837eed966931a12d9cadc3bc472aa51065a6c4aa51ca422e35fad6261880a07ea44c2324eac1ec1a3f944504ba5586bf6723bfcac6cd3aab4a0383eab4240380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
ef4f425cecdcc2ff01131f17abc2ff4f

SHA1
beb2b56dd195a5e27bbe2b9d75fc16313733ada8

SHA256
a4e82abcb13e6b47b9307b7be9752948b5d3c383890206f198352d4d61a5acd9

SHA512
1594fa98f4b35429c8f6d97afdd68e3a5a91e0d27fe6150093916ee0eb52be2411839956ca894c3ad6545f56830b6b53bcb0559a97ddd5e4bdd10c5775aedd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
537B

MD5
cb3f345459567182047a7237327bb8af

SHA1
bebf8b3601aec65062b69c1d505d4df958d2ddab

SHA256
2d572bd1d0dd95608a4f2f49bfca5578931c1afc34b9872e1851930918d0e22a

SHA512
91ddea591dc3a843cd5c14d75d4c2141bd405e27b234789a20c6e523ca71ee72eb33f6d3709e1facb5a6f8781ae95df6267494dfb7e94e12d7948d8295485196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
6a7e3a588331936c817c8d087d313bff

SHA1
2bde719d322265923e36069f39496912a115c857

SHA256
fd7251dc7b8b835105ced3556dd85ae8f52e91a33387cf084e9dacbd144d02a4

SHA512
2cd82db184239152f3a1f33cdd019467dbac19ca8415610b18d22e295146dd8e481c28ca1df5e5522727cb8fc2cc7e8928c555f14a09b076130439fda2958f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
18KB

MD5
f41564df7b2c8a8946d807e6cbe925e5

SHA1
03c39aa0077dbf73eb7c1b7a69cb042859011004

SHA256
a0e46704ef8521f262893d81eb97174705410e90b41949d1579f4a8746f6aec1

SHA512
93ab1c1f72fbca86d47bbf4e8a27371095a544a20023f18903da504bf6f05e094f9615dedb916786cc7e34d757355aac18e98b1165b8dae7b34acb7a1148085f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56641e542d70a03e2bb087b6e6de538d

SHA1
4c06c0a2304625bf440e2c576f10aeb11ef25bc2

SHA256
e958ce50360d292d94acad244f2b462366e45bf7490dfd79c189ffebb5ec34bd

SHA512
bdcd56da83f0d947e875f0f9451023a5610d841ff62a16a7929d7d0ca594277ccde42d78cad824a24fcd5cc797efd54650122b6163a0f1d6c22abe515462ec34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
134328d6e77366fe721682115faa9296

SHA1
184f31acba1ab62da5f6514d68c4215441b572d8

SHA256
d2313d0608db49a7a4b70a7a73aa5d200c75fd8743de6a982f729b0c6c5a33b3

SHA512
66778e48da0b3b439008a2a1b20d98548770f0b72d4824f1cbac49cfe85be5a93f2031f6e9c63fca22025eb3c7ec1b0caca167fa09d342452c6ace166a520863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
cdecb27a5c08d7b5e9e9958b1351e6c9

SHA1
1a520afea95af8087959e28ca8190d49e2fe2552

SHA256
a8b96991024e2e7dda3f2d9251dcffa67e777b67fed1993c3cdc7502dcd0fe4c

SHA512
389080a284e8f7954547758e5b5e498529e1e63258aabf3bb64a5490637ddd3d097a6b190592e48ec85e416be9ed222d78682009d269e4de141e75d55108e761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
0e6f2aded60672fd91ef5c5db93fa9c9

SHA1
ae2ea149adba18a2ed4a2ce8cbf3828102f3a897

SHA256
86999d53cd0b8a8e0831c8f680e6784d517d0a550c757ff9072bf9263e89d8a7

SHA512
2f63d58bac8d5da1f536375881af5ebdd0e400a25bccaf8fa98cba29a8616907629ee301746553a1e40c9ccc126ab151b77a0621cdcc755eea9e4bce1f76359e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a00ffa973eabda4cef9e9e18bdfd7c57

SHA1
f7b87f9f474643466f71a1cab2345405b7de51b2

SHA256
eb4167d0273ccc79776cc1af76843f2477bf8cf7ec03303c229c7b2ef9767a20

SHA512
50c23de3aa218d36990e799ef706f0f5ad45115c39cfa893c36fe98160ea8d0e6a5056d11025ba01a2de8f14b52d6232bd6becf8881b468a84099c58bb964e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6e209122a19f66252d0f11abe024e428

SHA1
2aeab1f115bc0c0e4437f5815bc5eb04b7d29684

SHA256
b3c7ffb997b93935a32c7ab729ecd6937f6699782365f9c2289c7ab25dfd6743

SHA512
0949ec47c9b24ffabe55a8553b8396d9e1a06e56a968cbe7a730db9995aecedff0c891d6667fa7763ea4d9a4c7911f529e7e1534e37619bf6ac62f540eb66d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a52a6ad968c017f929b690b34f1efee4

SHA1
0b0c8c431b43ba3c39b19529211ea97afa92e9dd

SHA256
1d4748ecd2f18ae5396165c15b889b85f61977a7c673f71432f5c53ec97f02d3

SHA512
1560c4279d10839f54c6615c2ff25981fff23ffee4cb65ff4c0236abd0a8735960c0621fed5ae05d2c0e80d6b9ec146c05647a1d42790d3b3e6bc05ffc10e7b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c488c945e6270fc0093c972e9898cc9

SHA1
7758606950a846a2f0b0a6e8b0cd7574fad59b3e

SHA256
375a7874542cadeede7016eb10eebcf56b407b69f5f6ba27181011dd4e1cd4f5

SHA512
ac8aa4fa571bf407e9a0ad6bab51d2f9b1f36bc87564a6fe2afa26db7d2905a0cb032786d0b9b1ecdb10227979d42834d2934340139d24d18a2978e00489b789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c5168bc754c12097b2010766560b26e9

SHA1
95d0af34d80a706e01b4a5afb8ba69550e2b7b0a

SHA256
4454ba9e5c1a25989bc6bca8b7ec2c961cf1f14ae7020b8cc1920daef84251de

SHA512
7828205ab0bf89f08f0455282917baa1060f8c7064f9e528cbfc386436abd808e0ed542d46b5c6bd11b10d1f194a0d1ca785d8bd68966505c8d20d678769b8b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
79da91cfca96f7f39b3bd6c133cf05f2

SHA1
ec1cce011a8db6d9bb2314ddd5455cbc6ed9bb67

SHA256
a11e2f4543cda9e2d4dded879145faa9790ebf4a831082053351e78b2d621b9b

SHA512
63c84e74e5e914ad206d32521c0e806435203c5f7bab63584831b5673937b28547c1d2bfc3212114459f9b2a905a39760afbb510c1bae569102516153ea95900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
21798fd14b3f4edce4dbade048e5ed87

SHA1
0080f1321c240dccbce1f616315d2e03462c0916

SHA256
66116deadb9b0c5e87aed0c27b462069c8e502364dabe16707b5ce16d7c4ee0d

SHA512
2c3194510bdf2e3a70ca3ed7f1f74615c06cd8a14647b6f2b372b3e9ef879ba32f0f128758e4684c0080668efdb364b0d0cba5c2ed0be68d76e6f529b223efcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
35c728f522906e49b16a9a651a2ed550

SHA1
1a0d4deb0a3093acf6e353528fcfa05f1faf5db6

SHA256
24a034f85320e916d218188762437c791a270b431b1d4eb29cf9bba150e24314

SHA512
7416b6fdc684d0cb9860abc6d39e4ed26cff6f82625b03f1b96b309e8a61701f973e6f4b122577f6f6148dd7da75dbd588c199bde114d3909bb3a24db53e9f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584cb4.TMP

Filesize
370B

MD5
816849bc354904bd936d000c1d16a11e

SHA1
6f24a66940fcb2b2daba7056db448608ac5130d0

SHA256
efc638a955c296b9dcc37ff0d68332ac2e8b4465db5e7f9c37d99ba0ce155753

SHA512
614fe852399dd3fe3c2ac18371aeb9b1776fc0f1f4f75e3b96f9236c78d79427c4930c317803787c48e3254b25a62a0435de746e5b070fe240920cb12b7c593b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
437576138ec218433b5d7f6ab8debcc5

SHA1
ed33bafd0fa815ca8489a9dbce7034effe324c76

SHA256
b77be78b210e6f9203d8ab373e9c4de3e97db7feda116c259ba9976d479897c1

SHA512
18ffeb8359e60a95da869a59c7a0b6a3848e09475796a0ef4f7aef0ca5476cb62776e6f51738994321f450590037d985ebc5e6b9fde209592a0c03a84ebd2ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
33a97bcd8f6b49817c6677cb0106ee78

SHA1
f271ea093cf2f2743a03a38354bdd2366f40f6ff

SHA256
240b8b828da107f7954e59e63ee0f8bf42d2d41ae21f82ee7e99df262265ffa5

SHA512
171cce9a08d5a562d15a339c827be3c4c2394f1f9cf8c5dc266e1dfa77ae28496fc857651c9411c30ec41a3e2335e9537073d13ad0022ea0423fa7e54ca12ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f8c2dd35de8f9d4b35bac1e520b42e92

SHA1
9672e5092369da056ac532181f3d427473b725fe

SHA256
a992571248dfc87807ac705705c119b31897e9ef212a5fd1d99360b339d1a65f

SHA512
cda1fdbaabccbc7896bbee97e16a3f661668aeb0c522a1c4450fdfe85ad68876e6d9c8fcbb73d6005fb98c89a81bd7c1056e4955f836b57b34cf32dbdcf647d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
18ac9fe94e6e1654fb1e4c9f823dfa21

SHA1
5492492cfceed208c813f96db04915405f3b05f5

SHA256
81b27c447db746fa9c109683ffeccc4155a47d35720fff805e3035534babda2b

SHA512
afcb83df7db943ef59241e3e7129adbb30c3c0da085cb8dcf03e8637b6d11d7e58261d5c3e84df21049551123f3cea224f54a5ddc1549313eee6999f753d0d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8aaa06008fe3035fd2bfe305d0be036c

SHA1
7ec0f9afd3d1dcf48b242b41be881bba14aa1bd9

SHA256
aa1bcfd92a82dd1996f23ebf463917a1a7be3d1030570776040743ca0ea6b8fd

SHA512
a5f3a9aa0892ec421a950c8641a9a080fe94c373e518ab15d3d474ec9154352fcc472394341c5259f40831420230d75e39917a1d5e254e5f5bbc19fce3feff34

Download Submit
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

Filesize
28.0MB

MD5
58b8915d4281db10762af30eaf315c9e

SHA1
1e8b10818226fa29bfa5cdd8c2595ba080b72a71

SHA256
c19df49f177f0fecf2d406ef7801a8d0e5641cb8a38b7b859cbf118cb5d0684e

SHA512
49247941a77f26ab599f948c66df21b6439e86d08652caa9b52ffbcefd80a8c685d75c8088361c98dde44936e44746c961f1828a5b9909fecd6ce9e7e6d2f794

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

Filesize
67KB

MD5
7d5d3e2fcfa5ff53f5ae075ed4327b18

SHA1
3905104d8f7ba88b3b34f4997f3948b3183953f6

SHA256
e1fb95609f2757ce74cb531a5cf59674e411ea0a262b758371d7236c191910c4

SHA512
e67683331bb32ea4b2c38405be7f516db6935f883a1e4ae02a1700f5f36462c31b593e07c6fe06d8c0cb1c20c9f40a507c9eae245667c89f989e32765a89f589

Download Submit
C:\Users\Admin\AppData\Local\Temp\sfk20czv.exe

Filesize
1.9MB

MD5
6676518e445c141dd44bed41dd13ad5d

SHA1
aa456e451146f8402dc636506d4815c348a2de0b

SHA256
c8ecf7d20fac0de8a1f4e4dc7c58f23f3bef0975a1dc1837a40dad52d95a043f

SHA512
df76db899cccf175b36090380c441a1d61912d40c47ad64641a6f78a29d16c055c864999f5f0eb3fc6901f3ba3a95023fd4886e7e1a22c54e9150d85f08303fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin

Filesize
7KB

MD5
717b171ac4b24be167573f359e166224

SHA1
63d9fe7034a8265d2daf84b6ae5e84b00d76e8f4

SHA256
d8b24d6d34d7743a1de7e28954f6aab3e8a10197bb055f49beec84e0df8dd689

SHA512
a9d5be9feb8fc5528ecffde87185fa00cd77d8f5990ff95bc2fbe7d253dbabc3871677a9edc63a544d1731dd63de5fada42a5cf695553ad9f6adc8bc3c85e936

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e1f3fa1073849de1110e4ea78c3dc9db

SHA1
a0cdc9152dd5daacea9b12075bf394eff4cad68f

SHA256
c5039e6da1f4a36952c7af944ffce544a786d0c69ba9f442d28581c73e087b34

SHA512
5d997bc1683930908937524494c3dd9bdd74b95c86ee193591049cbf618df8e869ec5e11d7a775263a0c43bd2afe059ab7924645b6ac22aba2ff06cad6467ad3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
10fc86c40968dfb0ee01735790276280

SHA1
8139bbc4e88058541296aad5e16adcb5736dce0b

SHA256
588b1347cf5d06b6da2d69a17d8aeda0be2c1c83a5383e420f1ac48e366593af

SHA512
f5cdb71b19aea63f6f66149cf68cf5c12b37ee19dcf574120a5d5f7c59fccb722eb21566519b67a21ab6c8e6a52f08253f52d27bb8ceb3eb193c8f5fab3a3b61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\70f3183d-e228-4400-a9be-f3c4231219cb

Filesize
26KB

MD5
e0bd5c399034c0ae170c0f6108e9003e

SHA1
950cfc46724007321030a816d04b8e1663d9121e

SHA256
d58fe7aa07e7ec6eddd705c57f0087fc335b9b55352f8aee73a6b804c238cc10

SHA512
c28d4ccc90999c0f3a5df0672a8e9bda2aa77d3f112d2508f4103cdd5006d9d0be0f12bd458cf77e4bff0248a4308b000951f331d1f397320fb2e020de092bbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\bef668cb-83cb-4b04-951b-5721e978cb12

Filesize
982B

MD5
33cbf7f1a63b179fa75f256f75e56c96

SHA1
686c2811247c66e37af03c7cef33c54bbba7a3b3

SHA256
43eb39b24ec8331c482ad2aa7c785e63af1f176c15202bf363e7a625b422782b

SHA512
3df780ae9a70d1ab4b1433dcb9272099bb9656dae6e907f720bdd0283c28c89a52ae8f24e4a77157f6d5eb0ecb3c45b2f47b5768534fd4ed5657c70c5de0d39c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\d9a7f902-6c6d-48ab-873e-4764facb013b

Filesize
671B

MD5
f1017f69d25bddb3434d59913a013846

SHA1
0f9bd03a84f02a0fab8536e5733216af56a0cb9d

SHA256
c5ab1657474e1bcbc166a6c9a547667a3827488b2aa688fae4b53404269b23a1

SHA512
8315f26a74390faddea09eea12d876b66468f3eccbef670dbb317ced9adf0267a2504735c55e29798372aecebfe3d2c541c27e4038ee10ffc341007077b3759c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
9KB

MD5
3454b7fc1e021c13b64b2dee477604ff

SHA1
235fca524bb2f5e339d05c93213e3cf656a778a1

SHA256
b5fe14994d89ded6ed6acf395d8ca2e8bab905de8719de7ec5ec9fc417ef8c62

SHA512
3125bd82c329570dc3e14c2193a78debb03b911389cb1fc3dc73da366c595f14f35e634b697e39b09820210a9c8a91be3fe8070d5943b64fedd3fd711643f900

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
8KB

MD5
d0275884f33890e967eb684fc7960a14

SHA1
ddfada4c749be8cdff3fe4ae3680a9454b8f3f50

SHA256
ec1fc36fcb008325aac4e95eae20110bcde5ac957129fd9d2ba765537dc8c872

SHA512
83ee2f05754de1588d002b180bab51a68dedb55c95aed5b5763b98a12957af53c128d4193b2ea0fbb8c79e22b6d0f3cd2b5735f12da6bb5a58ac99db71bd525e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

Filesize
9KB

MD5
313e27b50af01aae74699c3471da9f8e

SHA1
6de2ca8b2f3b46ffdab2e2a8e21fe57f8e8e6944

SHA256
93588f2bbceefe2c53e81f36ec16a8161065d30cd323e2b9da53f7edc0b391e4

SHA512
5a25d0fb340167d776575bb6c8c35ad3cd014d475559b22fa76ec1e091901e5e6edcfaebc9da68ee3f49b462c35e962bcc61a27b3bd48a499b8a2d1249cbdc94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
82a2e849ac0ab08c0f7bae7e0a8784aa

SHA1
b821300ff75be3ffca0fea9c2797f03b8247a65c

SHA256
cf9569f04762d16e1acc8df603ce82e87b8d8e0285d9eb39f2c4ce12a9981eaa

SHA512
af9733847327ade6d8687ad9a51c406dde077d9a766eff432ad72bddc69213cfc53fe43fac49ee9bb55608591c96fd31b9747ee6698f468bc28bd96d1d57436b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
cb5be7a7f610633cdfe6f0511244aa4f

SHA1
55484fd2a8158713cae4629af0291e4b9f0e9805

SHA256
52b6ef881c8fc307ba234113175370dd61c028e63612adb02e2b1326f40a2702

SHA512
5de30f1179f645af75b02125f60c60c6ac53fc93a28ca4efe476da14fafda1fd590ba3d5d0d5fa4a7f3e062c271c9374e49d97623e9f627380e8c8b4982ed1c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
0ac3a56b9cf13f404bbd4fec6655b0aa

SHA1
19a00bf477f7e534c401c0df552cdc4f585e379b

SHA256
05ee5dfd36429e2df20789577cb24c2727cffc6369365586b5cbd801a4e8dc0d

SHA512
4e9e96b52baf7a23a2a1d65724f56ab6a17c6498344c57cd9fd13e016357c44274b9292189af3afeeb10e4545b8da685ff38f4589954705f8958b58d0b6b0128

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
d08ff51f097136b03d37e08458b8d973

SHA1
c6f968ae076423211b0514bea6fa3a1f17625bea

SHA256
d57eb61ebbb383ef24d0015e4277b409e320db30b92c0b65f72f15691e66c451

SHA512
f58a51b139369d37016892e79402f48e184cb4d4aa4080789b2d4e19af236cf6befbd8d7d43e0e05dc7678bb284e185117dcf954076d6ed75808ad787c625b85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
200KB

MD5
25e4300c801bfbb00dae8ba999e0d755

SHA1
06700161a74442f11b6b0950118dd670cdef8f44

SHA256
5292592931a8ccf65291aaee6db2f9ed380219dcb864f297df87cdd8c7668f90

SHA512
8cad74782f2e338bf1ba5dc907c4a031e86728d4d54d8efd6e3516c2c95b8b3ea5aea2c2b30e38447256dffe3038e7e5a119793f4d62281d9e719f1ff9775a36

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
5.4MB

MD5
cfefb36838560b726b44c5eb64bc55f6

SHA1
28b9646a5d6e9aecf4b6cdf6bb97fe30f18900f3

SHA256
eb02f21fab1f3bd916d086a5129c7d9aa39027cab9b61e93866e0bfb0724d85a

SHA512
732173841815647fe8d3fa758669afebcf9e754c93ed1722b4d4119d04f6a5297ca6177ee1c777b3302ff6f72a810a037b2d344c66ba6086af791ed8a50c9519

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

Filesize
148B

MD5
40cf653374691fda80428fd3e053b02e

SHA1
ade26f417c4cd5ff44cfdc684db48a850a57b840

SHA256
2bffa360b610bbeae2ca6479218a4955c6830b191352845f48eb566bbe4578e6

SHA512
bf610c3d7f8aa328a08bab69bb2d96dcebba3b030eb09309999b15c15d72ec1d0e83f2e00f9e090f5cd514ae4f020262d145864d569c35e395fd2bdd7b68e444

Download Submit
C:\Users\Admin\Downloads\d95bce5f-dd94-4e09-a2dc-0fe7cce16a60.tmp

Filesize
3.3MB

MD5
3470dad8219537a4b4d9f1ff73436893

SHA1
fc5ba88ce9719ad6ba6febbaab971801cd625933

SHA256
1f5cc5c2211c48f57acf7d4113a487fbbd74a423303102821c913139d7ff782a

SHA512
2cf931cf203650781ca27051cf58b61a26700cb492086ce04a8680a49126b63276c77241d5d3f31a8a948edf56e0accec57c78e620200d310af48fa076d33c94

Download Submit
memory/8-2633-0x0000015BBA720000-0x0000015BBA760000-memory.dmp

Filesize
256KB

Download
memory/8-2634-0x0000015BBC050000-0x0000015BBC080000-memory.dmp

Filesize
192KB

Download
memory/8-2632-0x0000015BBA240000-0x0000015BBA2C8000-memory.dmp

Filesize
544KB

Download
memory/8-2635-0x0000015BD4980000-0x0000015BD49BA000-memory.dmp

Filesize
232KB

Download
memory/8-5210-0x0000015BD4F90000-0x0000015BD4FE6000-memory.dmp

Filesize
344KB

Download
memory/8-2636-0x0000015BD4940000-0x0000015BD496A000-memory.dmp

Filesize
168KB

Download
memory/8-2639-0x0000015BD4A20000-0x0000015BD4A78000-memory.dmp

Filesize
352KB

Download
memory/1112-2463-0x0000000005CC0000-0x0000000005CD4000-memory.dmp

Filesize
80KB

Download
memory/1112-2464-0x00000000734A0000-0x00000000734B4000-memory.dmp

Filesize
80KB

Download
memory/3056-211-0x0000000074580000-0x0000000074D31000-memory.dmp

Filesize
7.7MB

Download
memory/3056-5-0x0000000006800000-0x0000000006838000-memory.dmp

Filesize
224KB

Download
memory/3056-28-0x000000000D9C0000-0x000000000DA52000-memory.dmp

Filesize
584KB

Download
memory/3056-4-0x0000000006380000-0x0000000006388000-memory.dmp

Filesize
32KB

Download
memory/3056-3-0x0000000074580000-0x0000000074D31000-memory.dmp

Filesize
7.7MB

Download
memory/3056-0-0x000000007458E000-0x000000007458F000-memory.dmp

Filesize
4KB

Download
memory/3056-27-0x00000000107A0000-0x0000000010D46000-memory.dmp

Filesize
5.6MB

Download
memory/3056-2-0x0000000074580000-0x0000000074D31000-memory.dmp

Filesize
7.7MB

Download
memory/3056-16-0x000000000C300000-0x000000000C308000-memory.dmp

Filesize
32KB

Download
memory/3056-15-0x0000000074580000-0x0000000074D31000-memory.dmp

Filesize
7.7MB

Download
memory/3056-14-0x00000000076D0000-0x000000000776C000-memory.dmp

Filesize
624KB

Download
memory/3056-6-0x0000000006390000-0x000000000639E000-memory.dmp

Filesize
56KB

Download
memory/3056-7-0x00000000068F0000-0x00000000069A0000-memory.dmp

Filesize
704KB

Download
memory/3056-1-0x0000000000780000-0x0000000001886000-memory.dmp

Filesize
17.0MB

Download
memory/3056-210-0x000000007458E000-0x000000007458F000-memory.dmp

Filesize
4KB

Download
memory/3056-212-0x0000000074580000-0x0000000074D31000-memory.dmp

Filesize
7.7MB

Download
memory/3056-213-0x0000000074580000-0x0000000074D31000-memory.dmp

Filesize
7.7MB

Download
memory/3056-214-0x0000000074580000-0x0000000074D31000-memory.dmp

Filesize
7.7MB

Download
memory/3056-229-0x000000000C4E0000-0x000000000C4EA000-memory.dmp

Filesize
40KB

Download
memory/3056-239-0x000000000DEE0000-0x000000000E068000-memory.dmp

Filesize
1.5MB

Download
memory/3056-13-0x0000000007260000-0x00000000075B7000-memory.dmp

Filesize
3.3MB

Download
memory/3056-245-0x0000000074580000-0x0000000074D31000-memory.dmp

Filesize
7.7MB

Download
memory/3056-8-0x0000000006D20000-0x0000000006D96000-memory.dmp

Filesize
472KB

Download
memory/3056-11-0x0000000006CE0000-0x0000000006D02000-memory.dmp

Filesize
136KB

Download
memory/3056-12-0x0000000006DC0000-0x0000000006DDE000-memory.dmp

Filesize
120KB

Download
memory/3272-3183-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3185-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3016-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3020-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3019-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3021-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3018-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3022-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3017-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3030-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3037-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3036-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3035-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3034-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3033-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3032-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3031-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3029-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3028-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3027-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3043-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp

Filesize
64KB

Download
memory/3272-3026-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3205-0x00007FF6A3BA0000-0x00007FF6A3BB0000-memory.dmp

Filesize
64KB

Download
memory/3272-3307-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp

Filesize
64KB

Download
memory/3272-3305-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp

Filesize
64KB

Download
memory/3272-3303-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp

Filesize
64KB

Download
memory/3272-3287-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp

Filesize
64KB

Download
memory/3272-3275-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp

Filesize
64KB

Download
memory/3272-3274-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp

Filesize
64KB

Download
memory/3272-3269-0x00007FF6C7260000-0x00007FF6C7270000-memory.dmp

Filesize
64KB

Download
memory/3272-3249-0x00007FF6B6530000-0x00007FF6B6540000-memory.dmp

Filesize
64KB

Download
memory/3272-3248-0x00007FF6B6530000-0x00007FF6B6540000-memory.dmp

Filesize
64KB

Download
memory/3272-3230-0x00007FF662960000-0x00007FF662970000-memory.dmp

Filesize
64KB

Download
memory/3272-3204-0x00007FF6C7270000-0x00007FF6C7280000-memory.dmp

Filesize
64KB

Download
memory/3272-3201-0x00007FF6BE9A0000-0x00007FF6BE9B0000-memory.dmp

Filesize
64KB

Download
memory/3272-3014-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3009-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3181-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3178-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3174-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3152-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3147-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3139-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3133-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3112-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3111-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3109-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3099-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3097-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3086-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3085-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3065-0x00007FF689DC0000-0x00007FF689DD0000-memory.dmp

Filesize
64KB

Download
memory/3272-3054-0x00007FF6B6530000-0x00007FF6B6540000-memory.dmp

Filesize
64KB

Download
memory/3272-3046-0x00007FF694B10000-0x00007FF694B20000-memory.dmp

Filesize
64KB

Download
memory/3272-3025-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3024-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3023-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3015-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3013-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3008-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3007-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3012-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3010-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/3272-3011-0x00007FF6D2360000-0x00007FF6D2370000-memory.dmp

Filesize
64KB

Download
memory/7636-2564-0x000001DFC76D0000-0x000001DFC7BF8000-memory.dmp

Filesize
5.2MB

Download
memory/7636-2563-0x000001DFACB80000-0x000001DFACB88000-memory.dmp

Filesize
32KB

Download
memory/8116-2391-0x000000000A020000-0x000000000A54C000-memory.dmp

Filesize
5.2MB

Download
memory/8116-2390-0x0000000009A80000-0x0000000009AE6000-memory.dmp

Filesize
408KB

Download
memory/8116-2389-0x00000000099E0000-0x0000000009A7C000-memory.dmp

Filesize
624KB

Download
memory/8116-2388-0x0000000009900000-0x0000000009944000-memory.dmp

Filesize
272KB

Download
memory/8116-2386-0x0000000005BC0000-0x0000000005BD4000-memory.dmp

Filesize
80KB

Download
memory/8116-2387-0x0000000073560000-0x0000000073574000-memory.dmp

Filesize
80KB

Download