hxxps://github[.]com

max time kernel
487s
max time network
486s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
06/06/2024, 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	bcastdvr.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 7 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621317390146485"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "424439577"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c217b908e1b7da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	taskmgr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = bca8780ee1b7da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 40ad76dae0d6da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 39f29208e1b7da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = eea2a308e1b7da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4192	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
3116	chrome.exe
3116	chrome.exe
1504	chrome.exe
1504	chrome.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
4064	MicrosoftEdgeCP.exe
4064	MicrosoftEdgeCP.exe
4064	MicrosoftEdgeCP.exe
4064	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4448	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4448	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4448	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4448	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1672	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1672	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1672	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1672	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1672	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1672	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1672	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1672	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1672	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1672	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1672	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1672	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1672	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1672	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1672	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1672	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1672	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1672	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeDebugPrivilege	1912	MicrosoftEdge.exe
Token: SeDebugPrivilege	1912	MicrosoftEdge.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: 33	5208	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5208	AUDIODG.EXE
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe
5280	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1912	MicrosoftEdge.exe
4064	MicrosoftEdgeCP.exe
4448	MicrosoftEdgeCP.exe
4064	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 1672	4064	MicrosoftEdgeCP.exe	78
PID 4064 wrote to memory of 1672	4064	MicrosoftEdgeCP.exe	78
PID 4064 wrote to memory of 1672	4064	MicrosoftEdgeCP.exe	78
PID 4064 wrote to memory of 1672	4064	MicrosoftEdgeCP.exe	78
PID 4064 wrote to memory of 1672	4064	MicrosoftEdgeCP.exe	78
PID 4064 wrote to memory of 1672	4064	MicrosoftEdgeCP.exe	78
PID 4064 wrote to memory of 1672	4064	MicrosoftEdgeCP.exe	78
PID 4064 wrote to memory of 1672	4064	MicrosoftEdgeCP.exe	78
PID 4064 wrote to memory of 1672	4064	MicrosoftEdgeCP.exe	78
PID 4064 wrote to memory of 1672	4064	MicrosoftEdgeCP.exe	78
PID 3116 wrote to memory of 3052	3116	chrome.exe	83
PID 3116 wrote to memory of 3052	3116	chrome.exe	83
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4128	3116	chrome.exe	85
PID 3116 wrote to memory of 4700	3116	chrome.exe	86
PID 3116 wrote to memory of 4700	3116	chrome.exe	86
PID 3116 wrote to memory of 236	3116	chrome.exe	87
PID 3116 wrote to memory of 236	3116	chrome.exe	87
PID 3116 wrote to memory of 236	3116	chrome.exe	87
PID 3116 wrote to memory of 236	3116	chrome.exe	87
PID 3116 wrote to memory of 236	3116	chrome.exe	87
PID 3116 wrote to memory of 236	3116	chrome.exe	87
PID 3116 wrote to memory of 236	3116	chrome.exe	87
PID 3116 wrote to memory of 236	3116	chrome.exe	87
PID 3116 wrote to memory of 236	3116	chrome.exe	87
PID 3116 wrote to memory of 236	3116	chrome.exe	87
PID 3116 wrote to memory of 236	3116	chrome.exe	87
PID 3116 wrote to memory of 236	3116	chrome.exe	87

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://github.com"
1⤵
PID:3936

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4784

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4064

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4448

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1672

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb64b79758,0x7ffb64b79768,0x7ffb64b79778
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:2
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4468 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4752 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4452 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3096 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5540 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5452 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2920 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5036 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4928 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5532 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:1
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6428 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1500,i,17086508112116510251,9100554096500268163,131072 /prefetch:8
  2⤵
  PID:5632

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3928

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5208

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4116

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\start.bat"
1⤵
PID:2208
- C:\Users\Admin\Desktop\jdk\bin\javaw.exe
  jdk\bin\javaw.exe "-Dos.name=Windows 10" -Dos.version=10.0 -Djava.library.path=natives -cp libs\authlib-1.5.25.jar;libs\codecjorbis-20101023.jar;libs\codecwav-20101023.jar;libs\commons-codec-1.10.jar;libs\commons-compress-1.8.1.jar;libs\commons-io-2.5.jar;libs\commons-lang3-3.5.jar;libs\commons-logging-1.1.3.jar;libs\emulator.jar;libs\fastutil-7.1.0.jar;libs\filters-2.0.235-1.jar;libs\gson-2.8.0.jar;libs\guava-21.0.jar;libs\httpclient-4.3.3.jar;libs\httpcore-4.3.2.jar;libs\icu4j-core-mojang-51.2.jar;libs\java-discord-rpc-2.0.1.jar;libs\javafx.graphics.jar;libs\jinput-2.0.5.jar;libs\jinput-platform-2.0.5-natives-windows.jar;libs\jna-4.4.0.jar;libs\jopt-simple-5.0.3.jar;libs\jsr305-3.0.1-sources.jar;libs\jsr305-3.0.1.jar;libs\jutils-1.0.0.jar;libs\libraryjavasound-20101123.jar;libs\librarylwjglopenal-20100824.jar;libs\lwjgl.jar;libs\lwjgl_util.jar;libs\netty-all-4.1.9.Final.jar;libs\openauth-1.1.3.jar;libs\oshi-core-1.1.jar;libs\patchy-1.2.3.jar;libs\platform-3.4.0.jar;libs\realms-1.10.22.jar;libs\soundsystem-20120107.jar;libs\text2speech-1.10.3-natives-windows.jar;libs\text2speech-1.10.3.jar;libs\ViaBackwards-4.5.1.jar;libs\ViaRewind-2.0.2.jar;libs\ViaSnakeYaml-1.30.jar;libs\ViaVersion-4.5.1.jar;minecraft.jar; -Xmx3000M -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M -Dfml.ignoreInvalidMinecraftCertificates=true -Dfml.ignorePatchDiscrepancies=true -Djava.net.preferIPv4Stack=true -Dminecraft.applet.TargetDirectory=\ net.minecraft.client.main.Main --username arab --version celestial --gameDir \ --assetsDir assets --assetIndex 1.12.2 --uuid ce01a476407d4287bef896330abe919e --accessToken 0 --userType mojang --versionType release --width 925 --height 530
  2⤵
  - Checks processor information in registry
  PID:5212

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\optionsof.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4192

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\minecraft.jar"
1⤵
PID:5812

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:5104

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 0000000000040368 /startuptips
1⤵
- Checks SCSI registry key(s)
PID:2168

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
- Drops desktop.ini file(s)
PID:2880

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\start.bat" "
1⤵
PID:1980
- C:\Users\Admin\Desktop\jdk\bin\javaw.exe
  jdk\bin\javaw.exe "-Dos.name=Windows 10" -Dos.version=10.0 -Djava.library.path=natives -cp libs\authlib-1.5.25.jar;libs\codecjorbis-20101023.jar;libs\codecwav-20101023.jar;libs\commons-codec-1.10.jar;libs\commons-compress-1.8.1.jar;libs\commons-io-2.5.jar;libs\commons-lang3-3.5.jar;libs\commons-logging-1.1.3.jar;libs\emulator.jar;libs\fastutil-7.1.0.jar;libs\filters-2.0.235-1.jar;libs\gson-2.8.0.jar;libs\guava-21.0.jar;libs\httpclient-4.3.3.jar;libs\httpcore-4.3.2.jar;libs\icu4j-core-mojang-51.2.jar;libs\java-discord-rpc-2.0.1.jar;libs\javafx.graphics.jar;libs\jinput-2.0.5.jar;libs\jinput-platform-2.0.5-natives-windows.jar;libs\jna-4.4.0.jar;libs\jopt-simple-5.0.3.jar;libs\jsr305-3.0.1-sources.jar;libs\jsr305-3.0.1.jar;libs\jutils-1.0.0.jar;libs\libraryjavasound-20101123.jar;libs\librarylwjglopenal-20100824.jar;libs\lwjgl.jar;libs\lwjgl_util.jar;libs\netty-all-4.1.9.Final.jar;libs\openauth-1.1.3.jar;libs\oshi-core-1.1.jar;libs\patchy-1.2.3.jar;libs\platform-3.4.0.jar;libs\realms-1.10.22.jar;libs\soundsystem-20120107.jar;libs\text2speech-1.10.3-natives-windows.jar;libs\text2speech-1.10.3.jar;libs\ViaBackwards-4.5.1.jar;libs\ViaRewind-2.0.2.jar;libs\ViaSnakeYaml-1.30.jar;libs\ViaVersion-4.5.1.jar;minecraft.jar; -Xmx3000M -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M -Dfml.ignoreInvalidMinecraftCertificates=true -Dfml.ignorePatchDiscrepancies=true -Djava.net.preferIPv4Stack=true -Dminecraft.applet.TargetDirectory=\ net.minecraft.client.main.Main --username arab --version celestial --gameDir \ --assetsDir assets --assetIndex 1.12.2 --uuid ce01a476407d4287bef896330abe919e --accessToken 0 --userType mojang --versionType release --width 925 --height 530
  2⤵
  - Checks processor information in registry
  PID:4352

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\start.bat"
1⤵
PID:3764
- C:\Users\Admin\Desktop\jdk\bin\javaw.exe
  jdk\bin\javaw.exe "-Dos.name=Windows 10" -Dos.version=10.0 -Djava.library.path=natives -cp libs\authlib-1.5.25.jar;libs\codecjorbis-20101023.jar;libs\codecwav-20101023.jar;libs\commons-codec-1.10.jar;libs\commons-compress-1.8.1.jar;libs\commons-io-2.5.jar;libs\commons-lang3-3.5.jar;libs\commons-logging-1.1.3.jar;libs\emulator.jar;libs\fastutil-7.1.0.jar;libs\filters-2.0.235-1.jar;libs\gson-2.8.0.jar;libs\guava-21.0.jar;libs\httpclient-4.3.3.jar;libs\httpcore-4.3.2.jar;libs\icu4j-core-mojang-51.2.jar;libs\java-discord-rpc-2.0.1.jar;libs\javafx.graphics.jar;libs\jinput-2.0.5.jar;libs\jinput-platform-2.0.5-natives-windows.jar;libs\jna-4.4.0.jar;libs\jopt-simple-5.0.3.jar;libs\jsr305-3.0.1-sources.jar;libs\jsr305-3.0.1.jar;libs\jutils-1.0.0.jar;libs\libraryjavasound-20101123.jar;libs\librarylwjglopenal-20100824.jar;libs\lwjgl.jar;libs\lwjgl_util.jar;libs\netty-all-4.1.9.Final.jar;libs\openauth-1.1.3.jar;libs\oshi-core-1.1.jar;libs\patchy-1.2.3.jar;libs\platform-3.4.0.jar;libs\realms-1.10.22.jar;libs\soundsystem-20120107.jar;libs\text2speech-1.10.3-natives-windows.jar;libs\text2speech-1.10.3.jar;libs\ViaBackwards-4.5.1.jar;libs\ViaRewind-2.0.2.jar;libs\ViaSnakeYaml-1.30.jar;libs\ViaVersion-4.5.1.jar;minecraft.jar; -Xmx3000M -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M -Dfml.ignoreInvalidMinecraftCertificates=true -Dfml.ignorePatchDiscrepancies=true -Djava.net.preferIPv4Stack=true -Dminecraft.applet.TargetDirectory=\ net.minecraft.client.main.Main --username arab --version celestial --gameDir \ --assetsDir assets --assetIndex 1.12.2 --uuid ce01a476407d4287bef896330abe919e --accessToken 0 --userType mojang --versionType release --width 925 --height 530
  2⤵
  - Checks processor information in registry
  PID:5272

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:5280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
19KB

MD5
05bdeafc21f9f5ad77ad78c49035f5b5

SHA1
7dcfed6e175f4ed4fb90e5f4ff7029cb910f428b

SHA256
1d136a12394056fca976ff92241b0d16bf8f1cc2887d8f9308ea9919b4c5af30

SHA512
1ae54be2de38b1a03575444c72dec87f58b9b0899c719a226669dcb8471c0c65dc89a097884a51f39f8baaa42d0be1341767c5aef8eedf20de86396e483bd739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
56KB

MD5
6a398c523b4af71cc52ccac6368818a4

SHA1
62227e5498db7cd86e0b6e68dd2530dec33905e0

SHA256
0375bff344824419266a6621456ddbec01cd642035d6389f03c6d6ec299d81db

SHA512
882621913e323b9c89fb68561bf78f104e629e1741245fbe2d0a8b8a9404d5ed961106f9e717f040cbd145ef901b1e8b0b787786a79eb2b15d4e3c597e3c2580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
c977ea8cf75d525c5c89b69a4e9e3417

SHA1
fff56306acae2f370d227a32431295e1af94db0f

SHA256
61e8bc4eb826b84007c9a031618d130915a8ab5d9c7abc3011356f1483f2cebc

SHA512
2f793847defaa46250045285ef932022ab16204b15aa8a96225e56d5c3ee846eddd6370711bbdb2c7c87854ee50a4b2ba2726aa0f8acd74e6b38c4629805fb3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
2927e7b37f6d3ecdb895c467260a785d

SHA1
de55829df92c1b8d679df088f3c4dc24ae83a6ef

SHA256
127681d125531cfa5972a890002f4d63bf259daa4da5cbf52d5ac868b7eb5b43

SHA512
e754aafc659545f0df024e6a5d4b46cdd740e27ddfb74a4a466538ba6eeb4b410f94b606c3e96e0ecb71b2a0c9a6596b31584dd25c5a7b96c8548c0be4404ccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\293ca0e2-219f-4ac2-8149-15fb0384ed91.tmp

Filesize
3KB

MD5
a6f7c4eca0c7ffdcf579bd5faa71a756

SHA1
65bc867d6f5320b1ce006383447051c62dff17a8

SHA256
eba0ba5a5ff0705b079a5f782cce03a5109483f5a2f703d2409f9cd59ea053e2

SHA512
d73038b4a72bc1842bdd8529850eba1dadde96870057afc38ce9f9cbadc50c0bb29bbcfe92b1d79eca1e97e43b9e4629b70cf94f1b9226674753605e31b8061c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
2d65c516fc2974b20b8b3b51d66014fe

SHA1
ffd34aa8adb69288a19a4799e6dfda262afd38c6

SHA256
7bec76e9760533fef09f461085ffe212c8bff5c9a52a7d935a66bbc9f0384a09

SHA512
4af78aa201d31b3380e66a98e6693dbb77cccce9392201f7638439f2e9142aa3ef44936aa93fb66d337d090afe8e0a8fdc1eeee653f1e142c53e29a001d45b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b95b05800fe81f04fdb7ead3e082313e

SHA1
8381a3a2910b12869d5d44a8278a02db13050f65

SHA256
6f3b077387b1c012b7fa4413e0ea8fda90af8a41a93db21f4927403c652ee5f2

SHA512
4fe624ac0f0d79053f971ba1b94c02bcaabb1a2e89928ced6ea3732196bfd7171e35774f7ce8665406f1197fab17905c777d30e2e7f9a3eac908476c83c76900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
569e85197c37cd321c2514ecac033913

SHA1
51db459669c4b007ba3cfa740a386f13bde25e95

SHA256
6b036acc9a95254bc54d515003aea48df4df0a3b8f8c7a847153f99e68f333ac

SHA512
8845ec7a04202c9aba08debb5a04de52b58e420905ebcacba1f61e81bae019f7f2d6f4dbc7fbee7700e2b997bee4b247041d87ec4972beb7a542a38a5066e3e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
94699514fb5fd0cab202574890f15289

SHA1
8bc8d6eade52d637b0751e09c589630752b0e271

SHA256
b8332b584b186c3c5d01830637df5271bf5a3e480608d8050cd0081f4479b5c2

SHA512
96918538eb7a7f2e38dc7e7c73cf3b0d947b2b76a6732bcad168ee601381a3373d3484ba63df6734b99d6ab266b9b4e7f2155202430ec74335e05f4862a02681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c102a00ea1dbd4f6859bf414ea67b5dc

SHA1
6a669441e4b4b3e2160453e6b16b2bc0b353d419

SHA256
89364b9214863c2674f4add6ae1e0a60f16780df2376ba2ef889ccb5c149bd01

SHA512
8a8bd2c22f800e842e7c3ebeb18ffb1cefe40e6e15f1094655dbd3081f0d83ff7d9a84733da09b82cbd6e8635083bfbea46ed60d9d137a479bf226e2c17f4ffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
7a0024e0531c23f067cfc75e5ce661b6

SHA1
0e91f57b9e6565ab0b26b14c7efe711a39b3bf49

SHA256
e4c6ec12c30a065baf0166490df05e605c045f0d14611127c400e3a000bc3866

SHA512
1f9595c71ff2399050fae345252f658e21b1b1d83391d43c0d8ff175af02ff5c4b2d38ce13a3576fc3ed9ad6978d78c467214c648a5e2b4ac92dd7749bb2d9a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fd2c36162c347ddfcc5ef67bd0280736

SHA1
cd6e3f8eb803d366e9ffe79778168c1c6a3bc9dd

SHA256
a4d0df5ad48e70367c6a4383aaf3e30549c43f04566c0a8d8f9da8222de509e7

SHA512
6ab41c02e6bb97e909c7a6a71aa54d1f71ab8f9c83f015a956d94add7ce92428bf6a530623143a865318d36d33e65cdd2517ca7c437f3f37ed8be627ef02855d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d0575968aea1930bf1092937fd018662

SHA1
944fee1de071bbc481eeec3edf9730d5edcc79ef

SHA256
677874cefe047a4622a9a48a24b76cc922043b8245315167344d7a6f290646fe

SHA512
8c79f76f39c4de53b15e56b90b800e204fed6cd247b6ec713f3e66aff850b3eda2be2b0fee4742c530ce2e5135a873a6db9cd73716eca76a4da55242fae62857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1977d3dfac958c45679cf31186bdb801

SHA1
19b09d2d3fe006274fd8798362e32a1bd4619d4f

SHA256
19ea54a140ea9a299c438c209b0e7fd22b8fe66fc1a3c934ed2f3a1b79f3eced

SHA512
f4d02e91c373a00d3d24c4690340336f09c7e997e4daf52b35e283b8142c2184af03834500b7afa5aef075a68b401294ee7fba8a2545af4b9318b6d2f2408702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6a170ed519de57600f9bffdca009abcd

SHA1
dc0d89f7dd5d6a16413e46b0ca8b2082af12f9b3

SHA256
dbcb84edd5876e4909446630d1615c512981d948eb8bd6cef3d37c4c0a5c520f

SHA512
2461b73555508e863f566628273aee2320d899b35bb741cf8add7238a49c9394a623ac67695ae69b91a64f04362a2d53a7331e3d69dbc96f816362ab8e1a7d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9341aa59cd03a6c9181b8ec8b5fe4c58

SHA1
141f2849c0f3a858538f3c28096865e840183855

SHA256
f7ec1388b9fd24038f46985d3401026139e1099d5031e2ad5db99815329dbce4

SHA512
2b9811d5e97961c932a9ec8ad13ae86c4b126ba0e50f7b35a6ec82ad1c1c25da79a7357b456668e8b7f1759f071fc47e47c0845d7d2ee69173f8d6c5e2e5ac31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
310efa12641b1b54014cee5fbc1f9f32

SHA1
b38f6b89c022880dc2b3ba2585f6f212915a675d

SHA256
0b8dbe6f0aa1c19f4f9e10785f54b4a3540d84bde53cc9036b2675e17c9e0114

SHA512
c3a88429410eb6e840647db780c1dcf3ba2603aaf0dfb1750b28a9dcc9fe74f0ca098a646140dfef24cd64766f2cc6a53b5c1c271e71378775f00291ecdea63a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b3955f3dafd3ce754956b270088fef27

SHA1
abf0d6dcb0f5c0090963ea4d53e65a3dcddce7bf

SHA256
baafac43a8e5ab8fcd33cce6de7acbbb7daabaa44528edc63e49a2c6ed0dcec7

SHA512
54003c7e3a9dcae1b461d796b2e479a9dfb08e5a6365d71ecc1fedc964117fdacf43c66ffb51f6b39dcefe3ff2e7d6aa2476a1d2ff07c6e35ebc718a25d0bc93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
635b23c8a37bcb12e72785ca6d24c99e

SHA1
c60474f78ac01cb9448b3df11aab96695963659e

SHA256
2fc0841292962fb1202c59203f6f61952b407abcf0f6d0a53bd77832fa9bbde3

SHA512
378d07b17d7003293e87061e4c62f1af0275823f0a748f97106ecb32469301e68086b3c5c04178ab4452ba7ca810f4edb8c66caf04e42a71f2d5f8b23c9ba73f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8cb46293d9bde90e897f85a5c3263a9a

SHA1
bed2b659f6b55cb8d55323dfee1996ea05d86964

SHA256
87271539b70cfa14af513cb1b0fb9dcbc28a9bbd53da8373857661455b113c51

SHA512
734a1fb9c32884f40808dee9cecdf457de43e5f73bfcbf5e0aa57a577ef1cd492cf15d178cde04ff89fd833d3809f4c4db8fcf2bb6b53dc1bb19dcf73d14a346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e1bbeb8b145759cd1e075fba6a96600b

SHA1
670f4599ec220fcb7a4bec47850eb0561b0c025f

SHA256
349237969289ff1d02830e9c90ba8675b81fa05d9e39d2931029be76e2e769e1

SHA512
4184ccae8cb551da56215d85badc327713ec9cfa9648a2d81aa8d08832e77ac54042e384f8bd8edc3b911fd8764838ad1ca5b1be7e0b676dbc4f2b30c57621fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
25643a069c3733606097741a6762003d

SHA1
43bc16c71ef522c8349c57bd85b2c981df8e649d

SHA256
8795b37b0e5b9e4528cff9050ea0546fb49c722791c8df4d87abf05746f5d75c

SHA512
c9158ce168a7861ed332f37d4e6850618c20c8b2468fec6d4f9101ded10e9fd744fddab0b9cdd8f31b3dfba30334854de6d30860fccb3c5749953af55acff2db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\40c3dbc5-9f19-4e40-bdda-3e58d28da61f\index-dir\the-real-index

Filesize
2KB

MD5
29344f343b7513cada5a3d28670ae179

SHA1
724477f0eb8505418a3990e73a5dbfdba58f3084

SHA256
9a98c53042c42d66d2e3d0652659e6740a4269ce79db5e58383c284c52a1d8b2

SHA512
d6fb09529f8ad5fcde2f084da055722d6a8be4a238e6e81f18de7fb705f011db2bd74c6d4c279f2c747b790c0aa842b318777e346afdfa7ff3c2699cdec899e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\40c3dbc5-9f19-4e40-bdda-3e58d28da61f\index-dir\the-real-index

Filesize
2KB

MD5
489123bf882effdd54bbd5c3ac43954b

SHA1
8e745d8aa414abba387bada36bceda08c1a3be9f

SHA256
3c7925410bb494623316bdd24675a1c7022ad53dc5adbe26a61e2b974935eb14

SHA512
a3344114f7b155aa702db11209d793cb96d518326c0d00bfe81103d274db60e75278df3e76270873c706a61188b668d611ae60df0aaec6430d4b2c82b355f3ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\40c3dbc5-9f19-4e40-bdda-3e58d28da61f\index-dir\the-real-index~RFe5a1a30.TMP

Filesize
48B

MD5
ceeb2d49cadfa07b95e106e22bf2dc03

SHA1
87efc45885f957bb4e355661ed7dbbeacc1d775b

SHA256
691dd61d75e8d6188738cfca0cd5414bb6d23706bc1cecc796728a7dcd27f8fa

SHA512
8e5d82b38aed3d24fac031fecf0575eea951e5dede8356744e085bad831d0ddaa05659aae9cc414dc0883ffab67d53fa69f38774c0e8b1bccebcd348aa714a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5c702634-54b4-498a-855f-8ef09baf28ce\f89b24ed7614d38b_0

Filesize
2KB

MD5
e789c29dc808f0b6c689640d6a071dca

SHA1
55e8c4a18eecdb22a2f93dbe59526a80c132b22a

SHA256
1259bd30db8b7264ba6f72e7106c86cd6a310cc9bee0b472541772ca0f81bf35

SHA512
57a3d686e75ae7f803970c957ce80336517b603f50326f2c51f632a96e8575285cadc8057fc01ffe80a343da7df6333c55d6da50e70a036f0799ff07136084bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5c702634-54b4-498a-855f-8ef09baf28ce\index-dir\the-real-index

Filesize
624B

MD5
819caa8e7ecf65b5b917e52a3c71c097

SHA1
83d63060f39e7d84645234a0f2071fe6d7867801

SHA256
ecb975ae09ed6c796721e3b050e14c482cadaaf4865966c0f35c1b8a273e11fa

SHA512
d48708085509dd0a4c9a5deb4806b2525c71e6ee75ecf0241670c94292954574a9b6c823f4e5117165fc68f162b31577f528ba078942edc017b7cb7b311577c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5c702634-54b4-498a-855f-8ef09baf28ce\index-dir\the-real-index

Filesize
624B

MD5
be0afc4fd376db47fe82286ae2463a58

SHA1
131fcee6f7ff1473b55d4e6cd46c026efef49188

SHA256
391379143a29a574c11710517c14c885e8d3819d0cd18d6154e9ab11cfc4ad36

SHA512
56df596a521ad0afe2d7443c22bd5abede33374a9412e5d92d8b2906593481603eb1742011d70562afdb3f0f13871e00a6ed946ace1f3f3896aaa32d1dc7604b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5c702634-54b4-498a-855f-8ef09baf28ce\index-dir\the-real-index~RFe5994b4.TMP

Filesize
48B

MD5
413c06d3224be81a44e90410b07e5d7b

SHA1
381d663ba4a681a2e98d32e8fb813769ac7d7061

SHA256
dfc7957b5aa94237035f243688c20c0ffa8a24f5d2f5c1d911b7cba0aced72df

SHA512
6d4262dc6e182420c7e206bde27700a32de63ba567e6b49f7ff57919eca8ef80715fd63ff241e2ed175b9a93a3e708f66bdf3e8a96e39614a2437b904b02c89f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\67d93eea-afa4-4f15-8d14-ad728bd765ae\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
db2045ac790f017862c10fb17542a643

SHA1
5299ec90bd7651b1c9c9bb7d2b7ec8de64590106

SHA256
1c892c2f7a77d19082d69d39b1783a2b999e546cfa5d41bd5335804914dfacb3

SHA512
f3321041f49a9803dcfad54e02126c26e96a2cc6775efd8be3d12d4570b8db32ee32f160cf2baf72ee32e24242042df9555c9176c6cb0db176421dd809061a14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
b188a77167080b2f784760ec7155e657

SHA1
22cc6643cbcb918d945fdad4e18da33559f8a19a

SHA256
485cdf83cd46522916d52a4b20b9f49f51b3cefa523b2246dd3c97da404dda0c

SHA512
f45b6c2d0653ba24471c208aa2a3db09885e6abcbbfa8e5a8bd50fe207751861bb2939134c3366c56af02ee04a74bc2cade8c3165ec26f5495f59b71e0290569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
73402bf7e3a0fb1ec89d6a18c9b6162d

SHA1
907eb24431d1d5dda7fa99f2103b675fd0f17860

SHA256
92d551e9fc7f359a46dea6c2ce3e5c666bef1a4373f05cd357fc684861e6fe5c

SHA512
db767eca22b4dc2a30fa50474f5324bc99069fc1ca1d42a69c1d579f166c60179e92172da8bc58d7aa69dad299712be86349ea1ba148a1e5de39d0462b52b801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
576c1ab167056436a22b507b9741748d

SHA1
1822b2f6f4b50a7fd438597614fc4042d107b693

SHA256
a594da101dd4a72d71a0707944a85edc4fe1a34f91ac151a42983795f5ea6e2e

SHA512
74fb05efcbd1e7c610424701f9dba6e9de88041f09ea9d609ba8ea524b2efa069cf9c0105a4142b3aa4dd43ca7a0a9ff7bda1eec920db03baf28247c0167601e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
247B

MD5
c2bf08e358de55f475e7a1a7835c77a4

SHA1
1ecedda112bd3a61752590e3367f8306628b905d

SHA256
e34c9b5c2576554e910db45dec94aa452ea33a635cba1d1b88171df1528b212d

SHA512
1e904ce11cab71ceb26c18c2def39dcddaf480e86c0014d54f8148c9e8d8982751dce914278fccb68ca360dc5e511bd12edcedea5c824ebd306d8f9844a4249f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
cea395d60525bdadf9583cd377104b74

SHA1
76ea92aa045bb4d10cf53d88bb42b3b47198b349

SHA256
8880a329de1df6f536dbbded91d104fc8001b463b9e233d386babd8585feb1bc

SHA512
fa1e7b40e413db4c286b2558c67caa0bbc456784f9ba5c2f6b2e52a2f0462969236929321aac3c13f918fda61513ad9615aab25ddd66b8b5c9f7ebd4c9f260f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
d9869164552c2c2c0f37a2eb4d78bb7e

SHA1
5d33bc07aff9b2e926d4e6a557206fdbfcbfde74

SHA256
28c4fad5fbaaae6f0da66e8d221d2c68578980f0b1672132e6184412a38b8f73

SHA512
b11e5b2e2015eb68bb816fd900f1f8b76dfacaeeead21ed6a0e0a5fca00130d40bb660e3c5a03f517c46a631ad9ff61728e167f29e619b34f4f21bfa0b90a49f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe593d6d.TMP

Filesize
119B

MD5
157a7bf34b89852216862ed86d42b6c3

SHA1
120b9460beae5edfaa445753757d11aefab4da33

SHA256
939ebd5a74f5a50505ad990630e5be73dc97f17e8da9e3fc41710daac783eb94

SHA512
a14fa9b703c7577ead6ffa293d00e5f4e818d48356b2c497ea06f965e9a4264e5f0c351282180e6a5b19d82657b908e1a575e4dfb58b39442b5eb18c145e8d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
eba2becb5db16306d50629ce30322b60

SHA1
e8ac5c3ae5d26c28bdfdef609ff59f727794eedb

SHA256
ca3c1d0f1577252f0e767c609282a32d94a5fea33caf663d7c43e309f9ac905f

SHA512
ae8f3a84870d735065b8390670b12d3ee9df8c1279f1320d708d57cc08a9787a434d6f2ab0c45885e2cfaf36f906108f7f8c27933fddcf478a7e0304d7f2d922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
73ec413ff25fb7ed3c1c613adbc15a28

SHA1
c2fc46241ee499106458284e9577547f30f124bb

SHA256
0660d3d4de21106617541ce32a8f4f8abe3593797a3d62caf8618cba75d043a0

SHA512
9ab401a501cd1d1acb9a1ce4772eee0b70cc854c79533bd74243ed90faba0b85a4dc43823415eed45ef05c3740e6e8973b753d0230db25f41549ad426398cff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598cc5.TMP

Filesize
48B

MD5
6c785513ba9847bfe5e64f4b0eee4649

SHA1
ba93f0fc7e468f2af0ed2b5889dc9ac77d12f5fc

SHA256
2b626b4aaf0dfbfae3fd85e741456e934a6b8fc99b307c0a35048242b444da39

SHA512
f024a851b25399bad97b03b93a4a5a24465b6c08873be3a371a40f3dd85d17c6491658140b78d0f4adde4c75df86ba604c699345f29230b8002297c511203c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3116_1895060626\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
a844ed2936e624213b3e99fe1e2c95f8

SHA1
6c94a6272bb7ef7f7d584a299d44e44a63c11438

SHA256
1096787a6cf53adaf85f72d749c233c6626d906a869804e24c7d180f7041afce

SHA512
a162d640a59ffb4658abba61389bf7206be7464f541a687bb581c32ab882c4a51baa7614c67f6073e411c80bef91737bad6fd17682f5b4da991c2c303bf4e9c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
e76aa046152ec5ccc55d4a99223c7c28

SHA1
c045abe3ecfc5644b0f47d8b0b1e37c700d94730

SHA256
36ea6505058cbf63e28684fe80c021e8187c16ca86eb086c01ba44beb6cc6651

SHA512
d1a9f2a8fd6e671b46d29563ab06f8a4b7a05c498ac5b27e7aea1973a1fc025652f29fd79f86c21e36900231e7d28dbbc4ee2dae5bcfaaf619598962c30f4dcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
7600f857abc25126fec584722dea4938

SHA1
56ee2a4389943b365c9cbb09fa79364cf78672e1

SHA256
6d2c7ea9ceba406461317eaabe3a7313956dc850ac90651d0986e92241bde0ac

SHA512
15716f7d8399b4bc8e116d7a88e7d63e7df94fa7c85c4e010a3417db11d9f2ee2a4ae26de87c649232edf73f23d26559fc98bc196a172829d0b000c684ffd07a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
c2233a24c452481744fa766f16aca461

SHA1
c0ca1c236f4da0b259ebf21c9a5f2e4b99f4eb0a

SHA256
bab39f9a64f162ee00d491c64af08a4d5da25b02cab8d8cb892a5dce0aec70b2

SHA512
0856f0b2d3f60f99c952bb2ddd6907c5b5e18bf905b1cf664b0abf6b4f1be8fd38587beac477e39b5b6ffa340dbd2e7191d380fdd8ff76197c07ecf488458451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
a30e74d34a57b1727c9d80a625f88cd5

SHA1
c73e8ce43c637c51f7718a738ec56088fc777ad9

SHA256
2c02a940d5331db71bd46f02c2cee943b7f56cce688140782f9f59c9ef39dc50

SHA512
9d47a3acbd6c78d90ed87073f330f9d69f7d547ab83aeb50b8023a61e6c3d2ebceaeac6d3b853d73ef9309100afe7a1dc4d1917ce89e023af596d4d88da1e909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
913398608661729e973962059537e905

SHA1
77a239e7fb1cb32c1393ab3246b509d8d7b1a26f

SHA256
835b9e25c3de9b6e781a965ababe9f33963f20cb6d42a424cefcccd9dda9044d

SHA512
d618054ed5662b0d1a3104d4eaf347775a22dcde321a5293fb73e23e66e4269efdba3ea9d3d2c2bce73c40eeb16105ffbb5970efad6e0b9200d8ac425d80bf79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59e7a7.TMP

Filesize
93KB

MD5
d6c417e41063284ba61dccc16cf5d575

SHA1
8e43aa7f9b10a46c9eaa698361150e3f6d8e63cb

SHA256
2327f7b746a9c68a43584edad531302c3f0239557756b554c167d7ba618050df

SHA512
eea89d61905ffe1c459534e19949c39e38e3d7380dd57684c4fe6e2014e3d228adb93fabae9340b97b607f1a2377b28e9666ccac9aa850d0d5f3753d0ea6a67b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9R840QEJ\favicon[1].png

Filesize
958B

MD5
346e09471362f2907510a31812129cd2

SHA1
323b99430dd424604ae57a19a91f25376e209759

SHA256
74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

SHA512
a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PRDJRCJF\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFD3EC606413E9E3BC.TMP

Filesize
16KB

MD5
a216b8d8cf403484f20d8e09ebe5deec

SHA1
51f8ef867957ddd242a6ccd84b3b9d0de921d79a

SHA256
d16301fdb74e5f5e0e3f2be1d5559756b1b754eaaf11779a62e016d792739bd1

SHA512
302c69f0568610e75fcef6d0f171896191d2385f7e1a1f0ad3e9e8a641da1bd9dd2fd7e7b36f5a48d426f335980b0a570a1912fdcd355c9a49712f1696004ce5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1687926120-3022217735-1146543763-1000\83aa4cc77f591dfc2374580bbd95f6ba_ae202211-6e17-4cac-b8d2-d431e54ee209

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/1672-333-0x00000269E6A60000-0x00000269E6A80000-memory.dmp

Filesize
128KB

Download
memory/1672-315-0x00000269DB0D0000-0x00000269DB0D2000-memory.dmp

Filesize
8KB

Download
memory/1672-321-0x00000269DB8E0000-0x00000269DB8E2000-memory.dmp

Filesize
8KB

Download
memory/1672-317-0x00000269DB0F0000-0x00000269DB0F2000-memory.dmp

Filesize
8KB

Download
memory/1672-313-0x00000269D7CF0000-0x00000269D7CF2000-memory.dmp

Filesize
8KB

Download
memory/1672-311-0x00000269D71F0000-0x00000269D71F2000-memory.dmp

Filesize
8KB

Download
memory/1672-319-0x00000269DB3F0000-0x00000269DB3F2000-memory.dmp

Filesize
8KB

Download
memory/1672-323-0x00000269DBBA0000-0x00000269DBBA2000-memory.dmp

Filesize
8KB

Download
memory/1672-325-0x00000269DBBC0000-0x00000269DBBC2000-memory.dmp

Filesize
8KB

Download
memory/1672-327-0x00000269DBBE0000-0x00000269DBBE2000-memory.dmp

Filesize
8KB

Download
memory/1672-61-0x00000269C4800000-0x00000269C4900000-memory.dmp

Filesize
1024KB

Download
memory/1672-329-0x00000269DFAE0000-0x00000269DFAE2000-memory.dmp

Filesize
8KB

Download
memory/1672-331-0x00000269E65C0000-0x00000269E65E0000-memory.dmp

Filesize
128KB

Download
memory/1912-343-0x0000026A0DF30000-0x0000026A0DF31000-memory.dmp

Filesize
4KB

Download
memory/1912-342-0x0000026A0DF20000-0x0000026A0DF21000-memory.dmp

Filesize
4KB

Download
memory/1912-0-0x0000026A07820000-0x0000026A07830000-memory.dmp

Filesize
64KB

Download
memory/1912-363-0x0000026A0E900000-0x0000026A0F7C2000-memory.dmp

Filesize
14.8MB

Download
memory/1912-35-0x0000026A06980000-0x0000026A06982000-memory.dmp

Filesize
8KB

Download
memory/1912-16-0x0000026A07920000-0x0000026A07930000-memory.dmp

Filesize
64KB

Download
memory/1912-447-0x0000026A068E0000-0x0000026A068E1000-memory.dmp

Filesize
4KB

Download
memory/1912-443-0x0000026A069B0000-0x0000026A069B1000-memory.dmp

Filesize
4KB

Download
memory/1912-440-0x0000026A0BB70000-0x0000026A0BB72000-memory.dmp

Filesize
8KB

Download
memory/4448-45-0x0000025E27A40000-0x0000025E27B40000-memory.dmp

Filesize
1024KB

Download