3173e057e9c2611c970fa2a8f427a9ef91beb615b8b65b73f4539ea482bc507f

Analysis

max time kernel
598s
max time network
766s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 23:48

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

BABY DRIVER - 6-Minute Opening Clip (YoutubeToAny.com).mp4
Size

36.6MB
MD5

0a76fcfc03c29c74f746bd426666f932
SHA1

368c3190d914f640a0231bd5591cc9cd061a1bff
SHA256

3173e057e9c2611c970fa2a8f427a9ef91beb615b8b65b73f4539ea482bc507f
SHA512

93516b16a5e8a4087aea4b573adbadfb3fefa79640307080bffaa6114c92361d7939f61dbb6be71c752a84d1b337323934551aa29ff6e08885eacc22689a13d0
SSDEEP

786432:dPV37TVlS+AE1lTmHnT8B4bpypalGWylIcRuQ5e:dPBHoHTK4b6agWylIcT4

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
428	2392	WerFault.exe	82

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133647839022460672"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer	wmplayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer\CLSID = "{cd3afa96-b84f-48f0-9393-7edc34128127}"	wmplayer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2547232018-1419253926-3356748848-1000\{BBBD7F15-D67D-4721-86F2-6F51D225149A}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2547232018-1419253926-3356748848-1000\{9677D3C6-0F7F-41B5-AF18-012F53945617}	wmplayer.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
5952	chrome.exe
5952	chrome.exe
3908	msedge.exe
3908	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
2144	identity_helper.exe
2144	identity_helper.exe
5388	msedge.exe
5388	msedge.exe
5388	msedge.exe
5388	msedge.exe
4756	chrome.exe
4756	chrome.exe
1072	msedge.exe
1072	msedge.exe
5300	msedge.exe
5300	msedge.exe
5696	identity_helper.exe
5696	identity_helper.exe
2032	msedge.exe
2032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4784	firefox.exe
Token: SeDebugPrivilege	4784	firefox.exe
Token: SeShutdownPrivilege	2392	wmplayer.exe
Token: SeCreatePagefilePrivilege	2392	wmplayer.exe
Token: SeShutdownPrivilege	4024	unregmp2.exe
Token: SeCreatePagefilePrivilege	4024	unregmp2.exe
Token: 33	5140	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5140	AUDIODG.EXE
Token: SeShutdownPrivilege	2392	wmplayer.exe
Token: SeCreatePagefilePrivilege	2392	wmplayer.exe
Token: SeShutdownPrivilege	2392	wmplayer.exe
Token: SeCreatePagefilePrivilege	2392	wmplayer.exe
Token: SeShutdownPrivilege	5952	chrome.exe
Token: SeCreatePagefilePrivilege	5952	chrome.exe
Token: SeShutdownPrivilege	5952	chrome.exe
Token: SeCreatePagefilePrivilege	5952	chrome.exe
Token: SeShutdownPrivilege	5952	chrome.exe
Token: SeCreatePagefilePrivilege	5952	chrome.exe
Token: SeShutdownPrivilege	5952	chrome.exe
Token: SeCreatePagefilePrivilege	5952	chrome.exe
Token: SeShutdownPrivilege	5952	chrome.exe
Token: SeCreatePagefilePrivilege	5952	chrome.exe
Token: SeShutdownPrivilege	5952	chrome.exe
Token: SeCreatePagefilePrivilege	5952	chrome.exe
Token: SeShutdownPrivilege	5952	chrome.exe
Token: SeCreatePagefilePrivilege	5952	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
2392	wmplayer.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
5952	chrome.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4784	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 4784	3552	firefox.exe	88
PID 3552 wrote to memory of 4784	3552	firefox.exe	88
PID 3552 wrote to memory of 4784	3552	firefox.exe	88
PID 3552 wrote to memory of 4784	3552	firefox.exe	88
PID 3552 wrote to memory of 4784	3552	firefox.exe	88
PID 3552 wrote to memory of 4784	3552	firefox.exe	88
PID 3552 wrote to memory of 4784	3552	firefox.exe	88
PID 3552 wrote to memory of 4784	3552	firefox.exe	88
PID 3552 wrote to memory of 4784	3552	firefox.exe	88
PID 3552 wrote to memory of 4784	3552	firefox.exe	88
PID 3552 wrote to memory of 4784	3552	firefox.exe	88
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 1892	4784	firefox.exe	89
PID 4784 wrote to memory of 4480	4784	firefox.exe	90
PID 4784 wrote to memory of 4480	4784	firefox.exe	90
PID 4784 wrote to memory of 4480	4784	firefox.exe	90
PID 4784 wrote to memory of 4480	4784	firefox.exe	90
PID 4784 wrote to memory of 4480	4784	firefox.exe	90
PID 4784 wrote to memory of 4480	4784	firefox.exe	90
PID 4784 wrote to memory of 4480	4784	firefox.exe	90
PID 4784 wrote to memory of 4480	4784	firefox.exe	90
PID 4784 wrote to memory of 4480	4784	firefox.exe	90
PID 4784 wrote to memory of 4480	4784	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\BABY DRIVER - 6-Minute Opening Clip (YoutubeToAny.com).mp4"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2392
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  PID:4296
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 2272
  2⤵
  - Program crash
  PID:428

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4784.0.354240983\143794374" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73d52a92-8feb-45ec-9db9-6addf8b76bd8} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" 1832 22707bf4e58 gpu
    3⤵
    PID:1892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4784.1.72533080\451239060" -parentBuildID 20230214051806 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {014f6284-5f83-46df-b42b-a87182a069d1} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" 2392 2270918af58 socket
    3⤵
    - Checks processor information in registry
    PID:4480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4784.2.1637393235\704428951" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 2796 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcf0769a-c289-4edd-af92-d1acddb5e53f} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" 2992 2270b106958 tab
    3⤵
    PID:1608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4784.3.1454904795\2063093059" -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 1068 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a384e6bd-7cc2-495b-995a-63abd295b143} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" 2436 2270c56da58 tab
    3⤵
    PID:388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4784.4.1193036887\420652003" -childID 3 -isForBrowser -prefsHandle 4936 -prefMapHandle 4932 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0b99282-b959-4d1f-876a-ed3b7c983381} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" 4948 2270b1dc558 tab
    3⤵
    PID:4584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4784.5.1918801618\1402655843" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bca0c7dc-bf82-42cd-b621-abf70357409a} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" 5092 2270b681f58 tab
    3⤵
    PID:2288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4784.6.256318201\1081030071" -childID 5 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b35fef6-8428-48d3-9646-de50600106a0} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" 5276 2270df31358 tab
    3⤵
    PID:2368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4784.7.1781068229\1577816486" -childID 6 -isForBrowser -prefsHandle 5164 -prefMapHandle 5456 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f1c88ad-cdb4-4121-9401-c5ed88b79d00} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" 5104 2270a7c7658 tab
    3⤵
    PID:216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4784.8.582005873\1756442416" -childID 7 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1380aefa-ed7e-4c58-b15d-cb3fef006105} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" 4464 2270b644958 tab
    3⤵
    PID:5392

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:212

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x524
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2392 -ip 2392
1⤵
PID:5972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa46a9ab58,0x7ffa46a9ab68,0x7ffa46a9ab78
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1796,i,17709441605631378855,18374965841005807266,131072 /prefetch:2
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1796,i,17709441605631378855,18374965841005807266,131072 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1796,i,17709441605631378855,18374965841005807266,131072 /prefetch:8
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1796,i,17709441605631378855,18374965841005807266,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1796,i,17709441605631378855,18374965841005807266,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4288 --field-trial-handle=1796,i,17709441605631378855,18374965841005807266,131072 /prefetch:1
  2⤵
  PID:4156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa45e946f8,0x7ffa45e94708,0x7ffa45e94718
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7929317605294541571,3828769985276751950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:640

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa46a9ab58,0x7ffa46a9ab68,0x7ffa46a9ab78
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:2
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4208 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5100 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5924
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff6d4e6ae48,0x7ff6d4e6ae58,0x7ff6d4e6ae68
    3⤵
    PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4996 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 --field-trial-handle=1896,i,426129604165407172,15839575343225903778,131072 /prefetch:8
  2⤵
  PID:1528

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa45e946f8,0x7ffa45e94708,0x7ffa45e94718
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6436656552121104598,10374409027723939611,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5112 /prefetch:2
  2⤵
  PID:744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5340

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x524
1⤵
PID:4800

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38e8855 /state1:0x41c64e6d
1⤵
PID:4428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2e622239aaff6d778c494fea97908109

SHA1
aec335887bd43376554850d99955f5f5ae82a8e6

SHA256
e3ba21a0ca61fcca7a8d22d7002f79a4d7a5435f017349601826e99a144ccdd5

SHA512
4aa5c77f40a0f507f61163f63af8d1ed5d21c220c5666488a4cf4d2ca9d5cf965dddc2687eba4c61a732e07b269aebf4c5477c262b2bccdce1b15954d5a5ec80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
6c4808c3d960404cd02cae949443d999

SHA1
2e949d3c63227da793a8788e5ea80fc74e3ef5f5

SHA256
0b0aeb8cadc4fcb10701bd11204b8df33836a20ffc6f25a44ad219b3200754bd

SHA512
1baca03abf8ff83c7bc7f87b200570ee6751cb7750d84a8bfff7585864732622059cff2b7f61e626502a0a8d417f3e0ba2f6ad3aea041a7565acf6b5720949ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e3a1d43bebc61f0a5cf95bf774c476e7

SHA1
e2c9d9afa1ccafd770257b0c1845496d8b5f6abb

SHA256
c1825f75ded6c38d97e498697fb50a38c0f45ea8ef185de231819fedf180a861

SHA512
b6bac98e7d6a53c366a1b417eaa8e60aa1b5c2672b6ef2f66c0d9e87bcc4a33e1ae032e156b00a382dda2df12633a206e8d0221a6c88c580f5deb5dd31c13013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
60248f7bbc04ee09d69d852b555c2e9f

SHA1
ff5b9c502acbb295b81dd9f033d692c9303fa58c

SHA256
43f5a68c5e4a882060b93ee873c5131274d15d6ce9aa13612c9b49bd43e2d109

SHA512
760030d981901459f6f9dd5032ed07f6c720751afbef7257f7d54b3606ca92145d66f6e0e4b2b355290299101eeb4a1c386754b97f7469af6fed0e065cfe129a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6eda8044f3e835c5861346169fd967fd

SHA1
d8ebe9bcba45747e2f7a691adcb265cdfd4f7f85

SHA256
a8983b11a9f870b5c7b98ba72ac61c749f07069019f5a335ad19a446308a415e

SHA512
f07628c77aa7228c9ec939f328273a0a272c3198a77bf42a3e6eac0ddd0cf1397b7b075f85ef771a340d2858184acfbf6633e2cf295cd99f015ed2e32d33adaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
3c284bc58116830b08569833c61e6e94

SHA1
426f23000f4dd55732cbf4b76a7ad2bcf8c8c7ad

SHA256
1c687ba1fb571589ec334952d2685ed9543084180b2edf2e2dff3f2417e54951

SHA512
40dbbabe25ecb536bdd51b19a85e1b0f82c933608aecbe5941bb29bfd1402ac9ce550e93984708b43df44c6cb1a68b0af0b261931298fc19cad2dbb4741f7665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7f8df885607bb7fd89f2224c4516d627

SHA1
c4a4455b16781eaa52fbb9c339a9614fb1dd71a2

SHA256
9193f76408c3bea79f03f1bf623dd8d8fd7a2246d48598cfb17ff90c44e461e9

SHA512
7c58f77c6e75492a30f0b871f2581211defbfd718fe94ca02413bc43b3433713d0690208a6a89aadaec4e30a65f0e1890a4ca4ba669b2f42ff5b85ecb075ce92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c37f07c813688116340240e19ca5e9bf

SHA1
b12870db9bd88864a31728becf430b366266e94e

SHA256
4dd96f3876954eeb47237e47e5a67844b4d723688dae1ac0d73d9c71a2685af6

SHA512
c72895e172556cc1efd17c1c6964878d30aed26a357add2df1e85dda71394fb9c228996632fa81e776f70049cba4be84e0db1ae08614d4ee2eb4d9551aef582f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
97ba33426d262bc93704819bb0e07af3

SHA1
34a8ed8b318588034a67217ced563879af10636c

SHA256
c7298724f705af013394612dfaa05e4a21f7d682d57774a3236e058091dca823

SHA512
ad1c24458f0f01a53d9cbfaace9c2348c039d28ef0a3b68e76c97e95fa169615e69dc2ef0f1abf9a43f30a734309de0ff76025300d587ff803e2aba324e85e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8fecd62e73d8d3c8789d751614075e32

SHA1
f1c3933aa47f80c1715049ec8d63e069ea3c732a

SHA256
ce5f8325bb38819f2939ff3261a58f988ee3af48f0df5c221058b652f177903a

SHA512
478f7931bfb60487902e972d5128546044cba7d98cbce5fa2d4cf041a9280d2e0e6b3d76ccb9baf3b4ed77a7c1f27077df855f0b1d7cdfe9fd918aaa2c3da088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5110ec6a2b25eea99e1e2e4c9fe625b4

SHA1
e8736e508c669230a90a6ae6c3531a3d4079e74d

SHA256
12e9c4888e4efb2772e27f9ba9a3f41207cf8ada99db8bdbff32b426861c9f3a

SHA512
49f3ffe3776ba0d43537d76da71f296ae8b815e28d10a775f3e45ff05819459019b41cb3f3d48269d51f14d389732e0f6f2b60b424f2e69c8c7ddf95c75badd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ca629294ff57d62c7e4f293f29df8ce5

SHA1
d8044595257c9a3f62561ce906fd4f9a9761e15c

SHA256
fe84309697d8f5fae559e0ecadbf4dbff163e32823f039fc854403a3716835e6

SHA512
46037044c15fd0ef663ae3ee5adc41778d66861139f4203fc925a2b3ad8fcaa002d6c75fc570dd7315a34e171f0632f610c3ab20e0596862feea27ed63976ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
533b5b261ebb1c61929c045eddd6a67b

SHA1
661fb7234d9c5f69b28c3bec62ff6322ee7aa777

SHA256
6868e6425d2af9babc8b20d73b4cb032265b39e3f881924498da4c54eb79aeec

SHA512
24abab224c61c5223abb9f979a04535e2bad540cf4117d5431fadb94c84d057135becce409eeb36f6c73ca0f86a0ff9f9b3900b364ae68410e14ad0f5f25e78b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e0d56576aeb42bebe4c908bb566a0b17

SHA1
556d8a3f9e74ced81b9b9f2a4884ffb0156d7114

SHA256
bd8cb704c67201d7931d8a48dcd64cc4de239a21805dff9bcc2fae91234bb3de

SHA512
284b508d50b2b336eedad7c0e12391a8df1bed7cba6ec22dd3e2b66b698b03b8ac07599a5003fab7206c8f5b48111bb8db2c4df3c5d3e21184dae1f5eb84b2a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
93a5fef3509f4dfd90553c5fd21a8076

SHA1
15d94488f91bf8201ddd9d595a6a367354394f81

SHA256
efa4f2cdc4beb8b626991ac466c044534abae381a134da3db86de86a37049d90

SHA512
cff31242f906bfbf02f072d02930a85f7175d9050a14e8e03e474bc4c81f85e78dd254e4411ce79a21a28bbd86e69e284782180e871fb9b49e28616f51fafd4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
0006c3b6692f4b8058b68bf8b6e359c5

SHA1
f3d8bdab569b20aa852c74fef62879e132bb9655

SHA256
6cbe05edcfb0cc2691beeec851f7385385bd267311d14bc6cf4de322fd5b4513

SHA512
95077776333558de06198f0236fc3e39b3df86726e063fd1d1c007bc6ebf1465656b934dedc840ae9b12c7e2dfe143eff02f607b7dbedaeacec8e3ace1b6e203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
30568c4f0f62a420a1db30b352c85652

SHA1
6d59b32c3f7cbfd52018c700166500cf8e75bdfe

SHA256
6bf92104e4c2e005d8d22e0812b1bb9140fce1caf79362fc273da84bca46fc36

SHA512
fe3ebeec1b9540ffce05be0afbed3be935420b85aed2045340f10db745e0a2f6cdf0e27bcfff76e53d2381f236eb7651834dcab109860230d92d3ec5b9ad1e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
b439f83998138005b393a337e1a9d4db

SHA1
286e914a69919da80da7bfcd001cd741e50ba1fc

SHA256
6323fa90c8281a1c52bb2c45b5bc88d87047cbb6fc60d088d345ed0a07ce19b5

SHA512
0cd67f3e99b240670d0329873430c5084a1b02d40ff39db65c1612485ed7b6f4d261e3a713eda0cad32ec6105066ed6df6c745e80715b851f25efcf0ef97ea8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
32a1094dc77e964975f6a17b866701ab

SHA1
ad3dfd11a36a4dcf3b67a06e4b3984955f25baac

SHA256
666cc44e687a30dcb56046bf10cb88a1578df9cfe46a5561110222aff87a2947

SHA512
fda4003a3d5dbd876f32d7f9494195b9118a4ce6e19a4ad62967d0e11cdf188b36f348b1793cb00d34e79d0a421dae2020e8c1cbd8677f8483c0b22ea38913b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
bd83c5050b45a3ff52dc627f99f79dc1

SHA1
6d2a29a099aabbebea6dbd0dec6d1989f441ebda

SHA256
f8116ca13b40f474056659cbaf8be4fb90cfc62aa64d7884a5a6ef41813a51f2

SHA512
86873c644100bb535a821eff93165b9d7687825edc138c8d14bf7e8c4d0af29c97d029508050e776cddf01792e37ac208aaa7dac6523969b05333e794cd83a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
5b079ba7023bf35ceaf8a871d1c30c08

SHA1
fde77875063b609ba30c9821c740cdcb050749a8

SHA256
c0e4297eee493ce6a32e47ab7c962fb2c120a2f8f09f157445b04e0092c1112e

SHA512
36b5bd04e84964633245e6185fec72112fbaaa1a1e86c299bf042b82a6a7b29c34e94ef2e6c2500e1c22eeb7e391d0584bb3038dc217ea7b936fc87ac24682df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bcb3a282-de53-4e78-9ec4-22d3448fe007.tmp

Filesize
6KB

MD5
67d5c33f3ce715495c8f7ca2e4b17d26

SHA1
a5b3818aed445cadcbce9b26dd9c1792b9b60b7a

SHA256
0f873248b32ab19b2e6fad0a926bf529cc8f18f1aacb774de93ade4b0e050827

SHA512
a774a6ccae735eaa507d03d5f93b65616e73dc54efced4c772d3850e6d73c70c853c52ecdaa2e5483fdcc72afb8febca8b9b51a0266c1ea7a0b111136b54ebd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ef3543c3-521e-4e7e-8a78-9c92026bb546.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
f489819c71c25a43eed5b85ff220a0b8

SHA1
522257ae7d01276fdee87be03b05b3396803dcdb

SHA256
d65ad650ba58d3b5afcb1168ddf3a61e142d986f1b855a7f98af311ddbe4d384

SHA512
3866ea5ee031e46bae8e47380c99ef760312287eefe7e86aa61e762c288cfc41def4b57843b9a0bfe4611dfaae29bee035eb7a2d00118d2aac8080291ba60f3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
f1165a4868377e2a1ff2fd98e837f419

SHA1
08f764a92746a2116001fb0ffed3a5d4520f0c5d

SHA256
11920a2cc49a42ff71b37f2e27668c5c79ffbc5b784896201d032ee7830ffeda

SHA512
f92292350c5ae02667e2cf115f4abb1f452eaae33084dae42d919349c285e3e8615b9427b99e7aa59761b808653905e7a37f6d32c26ec9ecc63485b3c8e698c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
46518b426cedb3a6152dbfcbd64ee9ae

SHA1
e83b40723ebfcfa1e7807a5d4c64cd79cbab4c32

SHA256
1b2869494a762ec5eb863346fbbe4586c303e48f4acf4e91cdc268895d9de939

SHA512
27debfd2371c17b262f4f522bc11f7adf074e339f93f016a386bc6aadd783d6cd9f07a624ecc2701eef786a7b62325a6eadf91a7caddd651d70ae995f8f621fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
4974b4398b4dad9ab6fbc513e605813e

SHA1
e09eb48e478c2cd0f5b934627227b2ac0bd31c3e

SHA256
075ba18557c0224a6b910f9fdfcdb406b78f5468922dc45136deff7f464a3a19

SHA512
10ad7205e203d344beefc9f305e32842c003f6d9a22fb88428ecb59f527f080af010ff18aa294154b300322b474f73ea6e55a2c3613084e98ee32455454a5375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
db84a57d616a72a5bcc420fcb63324f4

SHA1
72639c9bcc0db93674bad6448663b2f0b61d66f8

SHA256
e2f13b700eeaf722992261360fbc7a474b51daa6aed14ce118e2deaaa9916ae7

SHA512
3ae2c9a2f97db48aabbe258b1e009f15a0d1732d401d95ce391f8ae0c97bdb814c2213e9855b488b47972eac87c26aae593c7241fe4ab730822de2a8b837f21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
4312c1051f0c637468f5a6d39c608a7f

SHA1
70213facd05d4629ea813edc7957b88cd862192c

SHA256
9beffa9e94f7b199e592206a7d295604554f0ca068d5127c7ce4144b93ddc1b5

SHA512
31d0d5ebd9e28d68f365e5ba51efa8d368bb6a9230d4aaffbe5833eb3fa2d2cd46237ffa95c2f53adbf9dc08a51acfcc7ae36b63e59caafdf29f9578712f6935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
287KB

MD5
1116e17fc70aafabb060ea49740747c5

SHA1
d346d5aa5521b602914f646aada79e2939335609

SHA256
89278687ffd9854849feade60ca2b00253a959d9ed538a312202519d6d58ceca

SHA512
809499d238904a012ed902f3fea9f0d0adcbef232049d6e9200b4423962ec39cd3df48cba66dd071610dfecf147da5ad8c7d7f8667bc3615124499b9cf148a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
1ef80551c51e62887d377aa784dd2ba2

SHA1
02e40b8bf1336ce2551b0bf5412840c57d045501

SHA256
34fc41a179a5372aa471e110f86595da07411d05bd15748e645f7a58706ca43b

SHA512
47392e518e1123ca2ba461732111bf8ea4b24f46ac0a3ad0be8ecdf7bc3bb249acf72ffbb297be411eb89478a04d35d66b442c6aff6c6e47f99786bd1fde5537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
287KB

MD5
8cfd6428c7a3a68783b697560439be0c

SHA1
27f56d8245e161c294729937db57b160115cae2f

SHA256
7ea47e5000973877fc4059e07598958d1d776719e05c2fd50f0da00c2a824526

SHA512
965656d9c9b11593fe124308895881bc9881bddf82b62beb3d94f3c9b765eeda1ae4c57ccff4a3d02200526bb7b1d14a4b4f17fc312192ea344f3c8d456d6c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
347b7ab092b2668c6ed837089aaa483a

SHA1
33d8ca7fc31fe003b63ca77a3499a1dd63bce627

SHA256
039fddeb63ef2e9b58af090211828ee5aa7f5c11ee8f11f123d9a4d84de3ef50

SHA512
d3e81600b2ddfddda771cad12e31c523cdc0252d90ac4b53d81f574384fa3a4dd332a50df98c7fb89f6eff0af204c3188bc22d54195ddfc8d9ed67bbd2bbd6d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\80686d52-62f7-481d-a857-83303d0b3ef7.tmp

Filesize
12KB

MD5
14fb43539b7cab19cf40018bf2b03155

SHA1
5cd2458affe5c9d19d6b61efb1856991c9ed737b

SHA256
99148488954be0e0ff177de68b8d801e8b8de37f9aca1a5ffa0d940be2bd97f6

SHA512
7c5e40f9e1cd867c2887064787e56c5076c55a9bd2e3286df907dbcbeb5096150f596cee49699228d7d8a4a9ca514e5437cb81a083282865d6eddab115cbf33b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0331fa75ac7846bafcf885ea76d47447

SHA1
5a141ffda430e091153fefc4aa36317422ba28ae

SHA256
64b4b2e791644fc04f164ecd13b8b9a3e62669896fb7907bf0a072bbeebaf74a

SHA512
f8b960d38d73cf29ce17ea409ef6830cae99d7deafaf2ff59f8347120d81925ff16e38faaa0f7f4c39936472d05d1d131df2a8a383351f138c38afb21c1a60e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f0f818d52a59eb6cf9c4dd2a1c844df9

SHA1
26afc4b28c0287274624690bd5bd4786cfe11d16

SHA256
58c0beea55fecbeded2d2c593473149214df818be1e4e4a28c97171dc8179d61

SHA512
7e8a1d3a6c8c9b0f1ac497e509e9edbe9e121df1df0147ce4421b8cf526ad238bd146868e177f9ce02e2d8f99cf7bb9ce7db4a582d487bbc921945211a977509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f59f4933867eb943f7e0f193720b4e9

SHA1
47105e52e5e43c9a1426b044e194524fa3b44ff3

SHA256
764302e7a7135fd4d98e507215ebb05a633c1ee97801ac554ba0b8babfb773a2

SHA512
a69e93acd7849dceb05f016dda2fe477f7d4f49d1749f9793df0f5ceb119b100677bf3688e49fd89392b8d12c377e1ea500136c63a0e12458b65a90fa6b2cf94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
22KB

MD5
09f8c92e96d3cf8ee18529227652a071

SHA1
eec285f8a4a762ca3de3e80ad47a3405bb01087c

SHA256
268e7bd4d3a846ebeb61b4be20cbbe6f98288e4a08de05e024c99eaba11a370d

SHA512
6c34f957570b168688102e50591dcc3f1a5369b2933b4dcdb1addbbf926671a330e8f4740bb14ca51a56c8b9bf77c44c57c0248840b131e445bd2cb63ccfd8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
42KB

MD5
cb4b54a7cfbd806412eb2ac9f921951a

SHA1
1b721f5f507f96ccc266c313ebf42e8ab9c0ee94

SHA256
b00a3b356daea74e82b7b5f4e9978f7682752ab85b4dc28c41e8110aaa62c233

SHA512
d40c92ee5e8496a7396b39becc2442d6dc03a079aaaf9ad59474fde945c6ffd176788abcc012a296065d9c87bbd902b56d68f01981982446d5adec6091edb181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
16KB

MD5
7a0c70d6dcea218031b4888410566be9

SHA1
b74d5182ff5cd43953c1e62e97d45c3cb5d1c134

SHA256
90ced127003a6b05b8a608bb495830fd32cb71364e6ec9564be34e6301bbd586

SHA512
7887aa378be55cffcf6ff72c73e7d4db672563ab9b7aa50112d93a93f1b5bcf1579f5fac046ef378e275ff0cc90b2f4e1fec91cf1027bb956247ed6a4de6fa54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
97KB

MD5
de8416cb12e774ac11b2b0aa3ca328a2

SHA1
7db640ca107040cd5e443a4134f710898d492e48

SHA256
4e733ff425d52e57b756b523ea0438107172fb432fd9942db85b9985e3479e31

SHA512
bb2d81623200ee74cd69ddd889eafadde51a25991d9278133cd5c04f10218d0966afefc170a743d4e46957535ca02850f5b7975e2b35661815f31944bb173054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
21KB

MD5
0ca7f989aefc9f17573a32879ff79c55

SHA1
4d124da2f6c8c2e1ba014b1d610c21359852043a

SHA256
d3c3b66ade2f1d525f81bca560b75b6c3f5e81d9fcc6f847068da979e6978ad7

SHA512
a9f1d7f181d9a2e32038c635c648f171e2a6b0d25270b1ac87cdd0b64d33c49c60e084d52f68f07e2a46ae22f84063e993b088c4210aeb6be64d3d2ebc8e03ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8894ca068436fc49_0

Filesize
3KB

MD5
a166775ba0970ccfa8fd92fb5fc19d58

SHA1
78209a24f96484ab4518e1e85d79f94b0dfed8aa

SHA256
c20a6aad8c2c0a92eb5f197dedb77b296110cc34e40cf096d7a174d5e7012fbf

SHA512
c9c6dea5a002df51de3fe66c1e594b32a3e4e0d1c48de175bc5142f9c2559144908b14ab0810dc892104a1e2155216a3a15fea4dc4d49a94e754048474f0321c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d9010d52ed1d18fc_0

Filesize
45KB

MD5
9e3d7ef642208572b8c71fd2a1496c8c

SHA1
9eb82fdfdb7e90c91b232cc5f636b607d230fbde

SHA256
e7a5ce954f9e991136ec9821d3605597b095aaff856fc3e7d5109ab6cedd7c82

SHA512
2edf375d5552287b088b4800cf2272fa02def01caf6dfafe28248ab8c6d38a537f3db2a83cf616fa1810f8daef165c2b508a0d4da0b69471bf03a9620f0e774e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
7f4b91656fd5e96dcd4a3c65e2b1c2ad

SHA1
c263dc0debf77b91f310c9cfcbac903eba8236d3

SHA256
f523c53271fb9f2b1ee7bcafe9616b6313b9780b8df635d90bdbb5cc94b5f60c

SHA512
80ab1886fc5f41dd5b12cd7a2c0d46ef3fe9a6db9a26dda6bf44c87fbdf1b3c63c741ba9cf8214174b1739311feb1caa34e58ef1da0a19c29845ed708d148a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
2638b62830225fb2c4c6165ac3b3db46

SHA1
73bb596de0b7704a9cbf35fceb89e9fc0d26ee9f

SHA256
945f0c8db8fe493747b840876cb769327d48caa3ba817caa50371250d4dc25b0

SHA512
5b8be3317ded24d27a6ca2e05311e0e3be719c0c9e914a7f336422a8cd0a02bef4423d48286c4a40e4bc4b1e411a6324c0e571bb04b0c8e8c203457a9ec618ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
01d3547d57fa5c4e82e3da2c2b2e84ee

SHA1
e56a0ed1786a5efa0d2a5c11948c8c452f208b25

SHA256
ff40d2072d9ec472ae6b054e10d254581636e06af04587115b9b7f95c68aff35

SHA512
afb852a76fb8ffe407b0495facc1d7e4a7886207237c95b4084e7e6ca404e11c75505786028e2f7da01908a059c0cbfd85699dc17b3a1789d500e64af9dfd241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f2d58a29a40b498a7cc6f358372cb221

SHA1
34e7645b34729b300f1b0682120c54acf9736374

SHA256
7b5a07e0016287c87fc158df5147168fe8ac7c22db14f0e59c9a9817ea5e8ad2

SHA512
f7bc93baee949cdb25ebabcd989e75959470d6dff8b4fceb0a3616253827d4c8deb3734f01db43a3ad59b0cae777426d5734ae7c2defe0f5b9aaffa49b2f1699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
b711cca3548602095f75405a24a2ece7

SHA1
b6ac278b43fa29fef9e9142df1b74cca626a018b

SHA256
4a1e0c081f716e9a2ca0da82a5f30099c5f3fec2e26b93ad457efa5abf03e78a

SHA512
8b3fb9a68d20aa039f64f1dee7717066426f537559399c414c977789124867a9382705141de788486d29643a5216ec512b3f4bc49a2932088e8a1421ee380e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
3f0fc31b12c21e54fadcace3d218188b

SHA1
56dc284ee50ba53b7b9a66381ccbc8c07e829359

SHA256
c137420bc854992d36f7791fcddf41c8d549294efe9a48be9ba50cf9f68b979a

SHA512
aeec0ebb1e9503572d5f77fbcbfc6fd6a6646448ede5b155296a92e4d632dd3e8a920c58cb71d490f4e173bd303947728740e7af3d840401a423037c15bd54b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
efbe8c26fbaae1bc217f0a0cbc15cbb9

SHA1
b72fbb72120de5ba3b444f16e568b673b38f6369

SHA256
ccfcddb4cd62069d086a80ac460adddab3160cea3d63a6e2171434ea2a9033ee

SHA512
ba701e4c9fb0a2c213c7dc0fe3b5a719dd7ff82b8a8b8e2fa20c10a32c4d3a9588493042799a9c35201410ae04824a634e03d1ea3cab01b5a2ee8e201b1782c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
4a4c1ae192cb4988ff6c89220e16dddf

SHA1
9d565dafad6da74771c2b25562c6f01140def2fd

SHA256
67b6699514a423cc7681a62f30da1d491dd7d5bda0e7da56f46b8dba4035f24f

SHA512
8c8f207c922c47e394fef0b2a09fa2cdba159c2d21e396f8062d367dde03b5c6ce0c45609de21394cd3b40f04fedd2a41546dd2ccdad6dc1544561b22892c3b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
f155c4b2af2b580ba3b951f0969949d2

SHA1
124b146f96970f0cd12bd59bfa6b052f407de4c5

SHA256
f63faea897509b12e35f53ce5b4e595dbfa3077d4205bb9d0a1bf2c0be394b9a

SHA512
21dfdd2c1c6acddfa5e964d641308942532a2038e156aacef14394a213478a1569d72c3b7e93fbfa027bdac79c4c24bb94e43690e87abc523b4dd61fadc9e03a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8c6fa688f6a3fdf54d692a031bc1c510

SHA1
2faef01bfc246eaf6a9d8581fcc4b32fe457338a

SHA256
b6c652e46d3765384f3ae0061d3cd476b35e683794308f02220f65f0f0db6253

SHA512
20238da78b850a42d39433210bf6e19671a5786de4f445253528501b42bcdfb793b24101e2e538ea43e534af7da16f4d17851b1d4cd27950985605350c22dd50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
552B

MD5
19be7d263025cb38056fd67ae58cb29e

SHA1
697170c9662da26da77be7f3bbdde22034209bd3

SHA256
325f14bddf8939e5f35687391a25a3474dc75f22752da35f45b3ae23d72703d8

SHA512
778184c16b8e92d00c3cea2f4da31c4875cc8f98132ba99026388ec6d3829fb658cb9ac4043d42c7bbce89714d8b45bfe0e37c98846678856f8b50311b3b9cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
054a969374c79e78ec9fd86f9572e31a

SHA1
c9fa2699a27ede6bda53c06063e6512bbf2d257b

SHA256
a8612e85a7dbce8626068e7e1d6c864603dde2b4e1db81a9b9e035547968f139

SHA512
1b95fdc7673b6dc5882779ff57e4b5c88d41cd1317d1ab614baa265d93e537877f2c8b0e436a82157cf80787b1082f9e05272d1e583d9c237b9a8b88247111a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a588f41ec446b637376a72a79504d225

SHA1
4312fdde5a9919e324691a1c8fd0ec4d768847d2

SHA256
9b1e1879804ced126db3efb60ee8e0e030ac00e25f701eaedd792e1940df43dc

SHA512
781b5d070ac8361fcec433755c4235470c350d4be5aada7a087ec13b3de7af59908c2f3853b556ab3c4f36dacc301b22a8bb601c997906d10e79e2a1fd1883c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
85dc764abe8a268708f24033f78bfe82

SHA1
2ea381c51b0a3300f65cb3be35a317a9cd88d96e

SHA256
5b98bd8c2e9191a7e5ba2f511eda809fc9d9f00188cbd5cfc102f8e38e2d3c87

SHA512
9a87e6c05b06e807d05d0bc46ca75ae7c2ab833fea9b63b634c7f5db5cce41dcea7d2fc139a1a77d38b22000b50840146cc3f5e0cf3104b1ef08b12217f54b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
50e97cea66cd548c3b41a8915c1873ad

SHA1
844e31aee9bc6f51d9999991ea28c698d23386c6

SHA256
ed64415422cc7367817768e2a4f83e42b741d34c68bac2ffacc10b4dbea5a92b

SHA512
8bb1cdfc8d4f60e5fc52c9c653b2f09f4995abfea71dae41d65508f48ef4d1250d884fdd5d2db8827990314433378bcabb61f3e001a5c99e03bafdc6898fa20a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
00549d0d20257196d03365273c0eff18

SHA1
11a26b8d59cb41c2fbe177173064250d1378f4a4

SHA256
2f2cd4d643d7dc5c1339dea7e8b54fbe460b663bb8f38d78439859a2aec994a1

SHA512
c75727adf84e2f9e880d5b95a01669933730b81f7bda50169cc127858d20af77e563b7796ea3fc39813856aafee6e14eabaacbaaddce8b30791e026fe064292e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c4237f4bc9d2cddd2d4acc673b4ac620

SHA1
2ce5875a31f02e9fed6e64a285dbcb91d3513429

SHA256
93650aba6102d92be909baad6789ed3be779ab76b80c55b42e5b85e9093115b7

SHA512
0bce0cb38272626e8b813fd1140190f5b078088de0e51eda16e4fa71c182c3350a1285448b80a9bf5ba66dc72afe2e45c849ab45a88ced42c0f1dc4cca8fcd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b4770e29b7837d0c8175b876b207ecd

SHA1
4b342cd92a6762b1157554aa12beb9d175fc36a8

SHA256
51e20f9b67d93a4bff1bcec619d3bddfc794d7c7a0813e703971176551f9715d

SHA512
50df9c795153923a459fb489eb4079e27ac2bb2edc3faa5c496c756e4859b8656ba28e6e4a170c49a6129838d36a6600372c232b10dac4371c1dbf0e200d585f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e037ac29c1c31606c10df8931d2e85fb

SHA1
e144348592f43da01507016bfd33186be2b69eea

SHA256
c8e3570bb5095170c53165998b8947e18ddc3e38ca4756fa533ecab72628357d

SHA512
3ff469c52ce73da85e1e91a1661aeb821d5bd3a29f235de3b5cf7cd3ee09148de326e30e54ca68a517a86a63ad226fe460aad1c07b53a7051893e51406a5f950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3f5bd32f5eb5408e32b177bc3f32d99

SHA1
7e984755ec6e8afbc610524ee958331d6d1eeec5

SHA256
3dd8161feb0f3cd1c73f1a8928dd538a16ceeabdf66dc3b353cf8bc3a4637b39

SHA512
bddea820ebb7595ac00428b56efd6d6e88964e1329f606a6b9bf4cb362b93a966c6cbecf4bd4d19e716fbf8917fdfaca6374bf5442a3d1005889e955a7a28054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
683a550c66533ecbf9ad14284b6241c2

SHA1
141b494e8d902bd063bf4bdc1a0eedeb7ff0f128

SHA256
389192feac9c5d48056229646539e9737037a3a28846818d4b2bb350e36345ef

SHA512
991e0a7165eceb93ab558d5bfa0cced44c31d76311ec4ed215f31e4a6fef2bf011f0f38184beecc7f3f7915c2fd03568701c8393d710a60f9d1061011e2c1e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa5259867b564ebf3c836ee22f8880b5

SHA1
8b80d627b09cd621aa52562f0cbf67369d4c527d

SHA256
96b3fb59a3216f17c72ece00f4ba6ff41a058cc556d319a5c3a7667d7f84254f

SHA512
f1455447b3f6d982950e1239a1fe9121080e563faad3bddf1f703fd4efb90e8154fd110a7b16270eb0d0e331fb87a13d9dc89b3406f6c0a472c0f8efa895a148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
511fd895f6988dda9c287fa718c6b58d

SHA1
3736605e03dc098559c670c00086c4d4c344c64b

SHA256
1c28bccaee1796304e2ee1ac8deba0c4c3c38e5f3c0a5b8f9e8cf093985923b5

SHA512
227fadb4eba5206332388669a36ee41c5bc75de3cc01403ce3fc61dc25f45ebe2b7bfcf4ea2226f52f40d4066a9367701781d89bd02a2d3e58669966b29e7028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6ccfa5d96ca4075a256b0f7e4b298347

SHA1
c13c2645f0b3c7d5174743d68f5158e73e0d61fe

SHA256
37a5b40e61b51aa8008696ebd4092879c75358d6ab58c0de604c691229906f0a

SHA512
21f3fc964d6f29b0f0e2575ac875858cb9f777bbb76b20e6028952c82a489689a7fadc4c0eb06a81d18beaf63f69ed2aaba4ce1f90a9570daeea94c24eef3c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a57c6a27ed1cfbef378d5d2fda91889

SHA1
f79954454a4b8d6087572c6448226ed8de3059ac

SHA256
81b9b802ebe00d20acd2144513a37a204eda16b1cc1c588df3935cb07282563e

SHA512
83a5b13aa238f09d82f51f1648413270d700326a276a422c286161aa3a40d6850fafa3768b4c19aa65ba40dbff1c1fd4c042967f5aa93cc299ccbbfdc4c25fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3db3c89c7e8ecb44331f09853bbd1a5

SHA1
4e1eb76d6255589aae5c463225ea6e25978327cd

SHA256
af97684815e7df81e65d749b0dec65c4d37cd60e0a1235c7432bbc3638a3d82f

SHA512
1926baf645d1d2a2844dd5202a44615256925440304a8c0c552d870c0531c39205089d54943cd85a9cfd20f873873ff593962379d6c76b45b9e83c28ba86dfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8e67fe8bb0b1489cd25adcf7adead68

SHA1
2634b8e81e4ab66fb859f79e99485002be7f0589

SHA256
693e046c0d88ea34e28ff21c11089a99dbecde7502351051ebf8c26594d1148d

SHA512
eaaadf8a3498e40d299fe10bb61f5c2e1f04fc85f53021ca7082497c6b13fae4d8bab378583d5d7548b2256029b01e47041c292d09ab3b44fced1900acf4bef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fde0928cae35cbf3ba67107b853a6eab

SHA1
a432dba030074c0050ff928b031ff4ad505a7ce5

SHA256
30e3423bfc179b638e6cebf61344346dbced78581ea22d23b44335b0bb474a54

SHA512
4cae173c6b4bc8b44c97e749b03e2e0afd8a530dde31ac6b721ea618d66bc502283f9ca805c0ee747d32a65c5b225b8d4f8ba402c4b91afcbb9059e65e001d0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
18b8fd02a6e724b4406869cfa4d264c3

SHA1
fd0fafbdacd4188947f301db144d2c6cff512b2d

SHA256
d30f590f40fa66cb0270fa8a2a166a4430bc5c6776a91e94b9b5e3640745ac85

SHA512
c014cb1df5ad93173370a028edbb0c6584366d707d5840361892c932f1cce0375a5b5fe869aa37d807743596b1254847450780e72d38eb31a0448f8576c6d3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aff02fff231aa62df2c225fa695e54e9

SHA1
8d01668c87b5ee7796151b7a01071527a6429748

SHA256
052c766b3ec327c389da253d76f39031e53bf0704ae345aae0fe09575b197c82

SHA512
7658405a2e6eea37b5c8146ab34ebb377da678ca3396cb9263f525ad9f3b5d2bf37bec125d4d4d5ea84f0d5172ec2a5b3ea2894898998fddf735578ae8846d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6eda228950df053ed0b5a9dec33463aa

SHA1
a3f4d7f919e4caf370c9cd4bc0ccb2d526cf531b

SHA256
39c90b4e3bec16f8707adb540c4fa137a3f085c9fe45f2eb479421e43f5f43e5

SHA512
87cc08bed90a41a13effabfcd25f3f6c3d536754cd533363f8cb54c6b5b60ae12c7c44bda93bef35619e7b2018bc83d766b716a6d2a403ecfe715ee81b93c5ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d28396b1530c894ab1e398cc633a329d

SHA1
374659f0277264489240f3d37e2c64c9bd718d88

SHA256
4806d91e9395d8b96ca89a131b029d3fd7bfe0d81218b81d4129d1eebe543d62

SHA512
ba0a4db580b1093ad7c83c29617b3b9c20b8c2bd6666008413b6e0f6c94c1e430e5afc19f2eb0205dd1567eae5a8e954f2db6d5856fdee127b7c82d96e903833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
361b292593092531b0aa1cc54cbf6542

SHA1
e63f433cd0da91b91519293ce758fadfa798333c

SHA256
117821c9e9175d69774b98d6adab9ec143b202f518c0422badcc5f76214d6d84

SHA512
6498a9d0c7b5ee65318123743647f4559310040259807708fbe8ec8867ef897987d6e8eb561e22274913e463cb4b1211faef3bebccfcfb6db977fe16727eec10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
462ce16f1c837f188a306105ac7f5954

SHA1
640d88f8781f8d3dcf5d0c0ce1e3b973afcdb794

SHA256
50947cc103500da1d9dd92bebb244e9d82c67d6d27bc10655506562db97b7d45

SHA512
1d30e0a3f30958824b8973ae56fc885ca88108f8c8e90493becaf6d2099538370428ee4c56e3dd79c538092450434e9daeebcca74f7dd9e9c295210d8f70d224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e6406f68192571b818855719a44909a

SHA1
183b4a3ec515e4d5a1094bc27e4303d33f7683f1

SHA256
97f564db0151425f5446531c6dbb920760e43d5cf5ca21a7368d117f649c33f8

SHA512
dea564a0d701ccfe40119fe82136b4ebbf30df88c4ec7d06afceded371e9833265f013fd2eaac0027f1043cdde056baa2c6e18aded3056c27aa673217bba1f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d9a757f384a6c6bace1c4f3413322d1

SHA1
e198a5211c1f01d3a500d7e527962895ba47f694

SHA256
bb280b8a9636258db34d6b030237f5ba470fd9d33496c4b904ea4509a3be0637

SHA512
e6e8703ca3168b2c39e9a8e9947cda808389973256ff853615b6637ebd491248c081c1f884b37b30a200e25826f6240e10afc8f818d303b285d3dcc4b0d9055c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e06d34a9ff2738e8ee14108fbd5ff992

SHA1
87a24bec3bcad77ce3f31554a6643ec16bc9a01d

SHA256
2206bd6914e3fc3a83db657b5c4cf7ccf8fe4ee01101677300f717424516aaec

SHA512
feed4e5d5f5a69afe1364348ac2bc7f80005674865c849040ab79f9c06eaebdaca08175a5618d7279a7ed018e33d2aeb9eab3e4e4e0046c46f758229d62f5d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16e2b386eba00c5166b0a162705b2656

SHA1
54b8845757b5fcb768536aab27ed96f23e0281c0

SHA256
9df3cc8e756967fa0fbfbb3ce067a3815e83c320776e23191c418c628f2c109b

SHA512
8d379124cddc6e6e673991ebb6b326bb358e41bd08d0ef33bef4c53b1bfba40b90ae5a8676d748162918232a3f2859c1321c3658b990e8f787f9afb3cfdd1173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
867fbe9ae7ebbb6c3ff9ccaa520c89e7

SHA1
ed9de4d75b84969796db9800dd20b5061b9c8573

SHA256
95e6527c9448aeacd336c0c8cfa282ff52914c102f3b0e9eaa2d6a051346dd6b

SHA512
af0d48381a45f67feb31f67d681782cf1e859699cf4c67347afcf691eadd21fa5b6842849ca15014269e4fd880936d3597df887be03b289bd8cc9236579e9e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9e266b47c017b8cfb1dcbfb78b6ac6f8

SHA1
75076054600e74842fd8a9ce73b76adaf4282eed

SHA256
aec98edc448f5e15b0080bd7d955eb65e0bf49f84ab35af1f41a4faaf54946a0

SHA512
53c43c4553adf80d68f7341a0afadcab43cd4550b1bbb7ccb911e67259fdb263b1fe89cc18b7ddab4ae501b5f4b489884ed1859ec802f1e9f149e23c8e23d200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cea426e48098cedd83990270f416489d

SHA1
a0f52adc5395de2597cbf9b3da1d097091e7cc1d

SHA256
00eb798bb00833addd82265dac86d36b774e06c6948c5d42026b5acf73a95c39

SHA512
a2a0f229e3f54e0649f376b8d1d96c2dbc914a198e1dd18a45048518d44bdac523b0170b496b3cdf7a9d005945782b83b1fa0c489ea68e098296a3fc9cc88049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
7294b1f35e95420cb2254dd63cbd41d1

SHA1
7149b17bc271e5280f1d33620717ba5da1fdad82

SHA256
0f667c3c60ec07804871655f98341106a4ddb4eb3470fb91337a78830965da92

SHA512
e74bebfbc9e190d434986916ee2d0641a6438aa98fc8243b30f7a50b51cb06b3ec13a248e43ec4775d175fa537968f2aca9e35bea9f3b82b22d2d0345aa71279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e1bb073a0dd51c82d067000e679c33f

SHA1
0a5363c90f4b49c4cc6f4b33440194e5123b0923

SHA256
90494086c09f6b581d885acc50f53833d31e36f594f4e94f8b42ae5e208a3896

SHA512
fdebbaedfad1ca6a81e5aa3b38c4366b37a525eaeeffd9668de24dfe682ee553dd3bc8618a4a267d8c3cd46fc76e6fb86966cc0aed70e528cb1764c31d824aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
615aa6904d244c40849131175f0cdd92

SHA1
e653371094ee0b4751d78f466e533c7705c4e39a

SHA256
ec499e7f98532b5c1252413f135340af33be62acfd7e910a7ed7c93fb6ca8970

SHA512
d31de4515a8edbfc48ae9c8cf9a9606b073f98fd067fc585f54bd1b84739ebe2aa8f3012baa7794b8c76c5ffbdded5959e05ecffc5a2da607e19d7feb40106b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
43fc5a8d9692fb2996425faa933e6288

SHA1
bb05e5a1baae469fb7b9b8934ada925a374dc2fe

SHA256
00f0ecfb14be38ca6bb9493485c9cc1b7bf34037a34ff904f5f0986ea421423f

SHA512
7327958453d888c184777555d0246dd769da04153a480a1c8e90ad6382191f98a1507881476ff7c21327cb55a117903496ce671149f697ba85d39b0c9a623ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a97bc92bfdcde1435e042f9dc7d0e311

SHA1
bb8e9a707ff0332b4bbccf0bed9865799cd35489

SHA256
9fcdbaf6b27a2e5329fd0681626be2fc78768359390598ffe83c1376ba62bb3b

SHA512
2bf53931382543e54f6907848a5c1c12ca47dce2a219105dd54341366e03e546805de217db194fa52d0ecb3eb51a87638f0b39772f80a453be0ca2053cfee131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e3ff81dfceffc579cc8c3acc7c3c0dd5

SHA1
fef873c7a143617f644b99e5a9427984c8865d1f

SHA256
402fd7fd2c5deb4284aaea0b6945979d5223e3104c0ec2e7ea32fbed7577e79a

SHA512
7639a29f7636ea2ed66443674bbf0d325108bb9dd37bc821146af9411cb4919f9519d42033d3aa4ff2e510c3ecc219d79da4c023483e1bf051bf06e2cb0f0cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee388dc9aa4951db1bb8353dd33bd296

SHA1
629f353505b00a8c46c6dbca79f38a2ec03aed84

SHA256
0d50be8f637dda01f1ace36f25bcd6575a6b0a4683c0464dfc502e8865681ba6

SHA512
881c229f10da1f627202d0683ca4d54738aa4c4b9561885f1c45f4cf7c4f88c34a9068573972a3fdb10dbc58ae1f03ebb4695f4634267bbdc2e18ff885c450cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
68b3ac2f3dfbc45592549ceb4e64e8b0

SHA1
597b0f35a1b47a78d36395a096d8622db1a78a2f

SHA256
14b5c386c2801167c6c537d8b7074a369260d430ff824b4a58c0210edaf81a09

SHA512
c4926f960076543f002d5c1b19eed7ba6574fdbc0ede6a9f02881d1e4be33ea6891865efabaf8a3ec194320ecb32d75aaff3f31486c75b4e63c81b4b255d4f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
0f65535cf9dd0e45f9aa5e998bc63a03

SHA1
f4fa6fefb770c02dcd175083c714c0d097a4d720

SHA256
190b03b00623df14b3660d4007422ba53a1705228fe174d30fa564f64de41618

SHA512
f02097425074faf7fa098da87fb69474c0fd7e287ca7841653e4983e5b965b6b7f99337b6b0f8d0741854441da60571f3c9d7975cb00a6b2acbf1b0238ffe70b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
0ba4df225a027af19c46e5a273e5c5dd

SHA1
cbce768d4f8703c311a9207bc4307b83e0c5d30b

SHA256
85821bf546be8ee62d9c8b2fc5de0678b4abc2c4c40bc0733423e2ac3473f0c3

SHA512
6f2ce23b2888f26bd2070f1ac003a23a439c1d22e3fec654475a24f39f79cd504d2481d276e4bc9a60108bfab07396b53e5516438359e4903afd70b55fb9ae7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92b067d1142b497914bdc1126b86615f

SHA1
634e1118509677f219a655d1e72d5c38c31dad0b

SHA256
343b76b265d9dfc8a723d2d8c4af062fc7278cac1c9765d7ab7d4621811734ed

SHA512
e98bfc1a00cbe6cd7506ff1406a73fe65108bb970b9134d6a58a4a59bc894c69c9c2b3cbfdf9eba11c2f4968c25f11da94316a4ac0ba4e06b9fa921199c1def6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c5f4ddc5ce21f2c258e67a476bba23ab

SHA1
f8c4dc7d2b126f14e7e621013d61f1b865971193

SHA256
b6328bc229c297e18c47c804998cadbb38cce033e25c6e3290de4d39688c803e

SHA512
0f74cec2e219a56c7b1f5a99cbc1d0013a1609fe535c04a288293ef620f851e0b4f4b9f69dc5282da2a99b4be0f13fb676c8f323794ea8080fd2cf18ed8ed59c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
813f0a3064fbcb7cf7655eda239ee573

SHA1
b34b8a97acf77636b49f67282a98d72738d69858

SHA256
34d2edf870a1e4e88be1b297421bedbcbbd6e1f88bed2daee86e90ce42dd3462

SHA512
a3a38c4ef234e70ad5c81aa33db21ff5a3e1851330e4e98358959279449ba6929e1e223f941e1c06fef60d4fda6f96fea0df44cfddd0e394fe6b4c8682356212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c0ae11c385f78c6915f3e99be7bed17

SHA1
7277d74ee9560d09aaef46e76b2b84b79b0e6bdd

SHA256
da823d7cf5258f27202246b9f48fca993bff38cd0143360a94ba3a47262213b9

SHA512
51aa5e6eff746917d5aa8966c9a645f1eb82c9850ab6bb9e18c7d99105dd6c174677eccecdf5f6184c11986072ab31acd55fc66816d45f8fe84ce05f8ebaf70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ac768.TMP

Filesize
204B

MD5
6c87c848081bc5ecf243a9948f0daa55

SHA1
f2645244d4c759e26adb8eb1ec8e14d5c5c8b93f

SHA256
2278123a4da76c16fcaab0b4a879458e36a562c0716f0396d539f80571b29898

SHA512
802c405433bd7ef955ad9e25771c82066409bc9313fd2cf5c0dcf336fb60f96450175b60680a3526a52494c5115d85248997f92cd2e6e906e802cc050c9d6ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
713cc265b59657f3414feffa40796bc5

SHA1
3aee5911669ccd9f13311843b2e870a4c2dd1c3e

SHA256
eb6bd40dd93154e3b01a9ca75e3f5ba07e2696b80090136f983a557715a7cb5f

SHA512
64d0ae9861210fbf6d2ff407a6528c206df230979ab5f640018c0ca9bd27024620e8607e5bc8f305b822913833ed50e2e853e070ecb890ce8021b538c56587ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
067430d00106d77a504bbbd60eb8788d

SHA1
386e1ee99611cc8b7888131457a7b2629986a934

SHA256
d89cd192198a4ded7daeac5087fceb184f9b11bff9d01fe8baf708e9635514f4

SHA512
0afb85a6ba13cc92197aa90efb3afe3964a53c6abe02492a0c6e59bfcab4d3b6f0d4511a7736afc123bd25fe43167d6d29e7b697f966488af8e059258174039a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
32a34da2b6796baee6fd4931e50b4c82

SHA1
a6106d353131c1181b13bc58700739384ef82c3b

SHA256
5c4fcec5a9f29d37e137794b594ee5d5f0336312398a832598397743f9b5b196

SHA512
e4f4bdc546ed21a7f58b47fb9ad509150c2279832f4d14844e37be7068c1717455a6bc3271aca4aa7924f095698649302ac433ba0e1f1cd327069f2dc689d593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
512KB

MD5
946f3d332664c951e4220b6529c08cf4

SHA1
8cef2495aeb0b14c503c53fe51282e7bdfa487a1

SHA256
def03bbc743e3f1f8e1e7c235e05180fd3501857547d59eac77034bb17f54d16

SHA512
a6ed17d51b299c250d9b50385e5a0c7c35dc388062d3d448fd2d55a001928518fb18f84a38a692af85d8f4b40b5e3a767724a0060702c842ac0bf8f83f9a67bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
fc8b974d6f2130eb7eec997ae14b987c

SHA1
8b8fada09f7b381886e2d1dd1808cc150abbaff4

SHA256
16e94c83e28054617289e0f3a24a4980ad080b3f31a7f982116fd2b68cd882f3

SHA512
bb475791a3227ae714f5f1dd4ea692ffa3e89dc51d3b89278a52f38c8114c1aef017b5c3647bc5b110ceb6cbc0aede6e2d325c3e6ecbec51764b6889ef285eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
5433eab10c6b5c6d55b7cbd302426a39

SHA1
c5b1604b3350dab290d081eecd5389a895c58de5

SHA256
23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

SHA512
207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
a7c25fee3410423c5bb90e32a9dcf568

SHA1
b7559dbe0b06912d2a35ac1a2b5107aed01b5033

SHA256
a80e9bf60d1dddd56c25af3a7f5aa42abd7431574862c3b18f2fb87d47cf8001

SHA512
78e8663031b8a55c3ec22b2abd54803c8a3b77afd6e309dc5af8614e35d33d14dbec450e82377b9d0bf98a2a83e5e7b7a48d4c0be694e99faa5ddbdf1c2449d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
62b8cb3075dad7a255e6d0c8bf5fbed9

SHA1
d8889990a852f404c9b687e7f06aba32f9f1bfb1

SHA256
ad66298ba01b5ad5a72684ed2597f56ff11846b97395879ba9ce40909a25dfb5

SHA512
fb664426d1a63282b09248ce88fce0dd4bc8d87396475757d993c3281da193bb834795b35300bcad48b574df650a6097dbe492e5101cb670ed297f61c44d7a4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
2bb7c39940ffc58bd1ec884d933207fb

SHA1
c4eb385ce34e498fedb7007dc98d78c82e19c094

SHA256
d5186e6a17a6dc5962f7e8cb91fb0bdd7e6632ab2d53bc47204fc1ce881243f9

SHA512
46c85a7badbe51e694b26ba07657c788a98728cd7eb0f760573e3c96b5f65f5d792356860ce52c6701b581d1d43b574cc8af9c4f7d17c0fec8faef5a15552c2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
b0ad6dd3a9657b119bcc04bf84dda112

SHA1
92b5072ce5c0a966ab6ad3497c8eee640357aa77

SHA256
bf8c2f4a3b26683105dd9093493a069a5620c3de2fd68f67d690da6f58cd398f

SHA512
707acbb9e74130891fd6ed1f9dfe4b95b1fb549030f77cab324ca2a81b6ba85adb072f8da86cef0bfa4c4feb48c95609c091ab34bfa93e000dfbf74101958be1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
55b94bbb27fc2fbfb0dc1eeedac0e51f

SHA1
0b8eb9c4a79614af74d57b274f5e3f16647e332a

SHA256
d670ca5aaec872a40ae6d263664786f546c061ba95f8ffb1226286745ee80d4a

SHA512
94ff18e8a2bb5e338fafb1851913abcb3b8f996f332aadd4d27f1347d171c6a360c48a279efd276ad53f9267216c1032c8b09e2efab3908e9c539b7deece3859

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\prefs-1.js

Filesize
6KB

MD5
7f58e54b5242722d5f1756e831640672

SHA1
5eef19ff2cf9ad949c42c9d310035c2c454a4249

SHA256
dc7c8b8bbccde270d7deb82228743980ff809b2c3887784b60771e3f684d4f49

SHA512
8c2f21bdb877342acbb8f725c8fab8aea41014fef7f316db403c2828ee93d3caca9f6c17bb038a715e304fc92a68db52de17ca5008d241e70389b32f51ebef5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\prefs-1.js

Filesize
6KB

MD5
25a6503126f8f28ada1c5da3e1b5bcee

SHA1
72534226dbd3b28d9c49e9764689dffa01f19fac

SHA256
252d22975c5ba970677c4563f44f85c4e6e64ba766fa987403cd3aa732ce3c84

SHA512
585919abb51206e1c43c4aef1fb7ad4ec8e2fe9c326d3169baadbfa971bca49f658669e5d3d377c219c1566767bcdaaba73205fd0dfa80d21b796ab555547cf6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\prefs.js

Filesize
6KB

MD5
19939e77554f1756441004c5bf326555

SHA1
99a1d3a15eb1935363857da37be18b983e4ececf

SHA256
288dfdd521ba972d6911689d925befa4c499ce6672a41303311bd5507669de08

SHA512
52f8b6de99361309e69cb1ae1310a96c3d413426157539623ccaf42ac6e8d68bae70ccafa538dcae685825b354d488cd96587c1c7d97f3caccea56d56b261b6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\prefs.js

Filesize
7KB

MD5
257bc746167b922128c6d3e19b4e7090

SHA1
ea57243c67f025c423b2a5744b8c7b68ea93d4ec

SHA256
dedae82f5e3e31d9c86f02b978446698d42144fd580a5ac62394e885a676f914

SHA512
622ebb1b127d1071441322ddf9ba7b6a608a58143e4b114198610344e3b0b24b4ac2e6fb217a139845e3eabc2bcd568c7f2aa0e469df0213f523eb1ae6bb412e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b6f76f82a3760236dcbc34910159edf2

SHA1
1a3a7699409ee73991f35c56b70cf20ee1744f3e

SHA256
aa7c29ae6013db2e227be4dd3a600087122bb3896fdc04b06c374cc800427da1

SHA512
73cd64911cd9db1ecad2d02375fae89b9b033d3aed552427b6e58a161b062d8665221dd30c1fba474c7b773074ac32194ffbc38b526a3fd0e17c9e1ad8181cdc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
6b9428e3adb22a7d3523fc019e590378

SHA1
8e768b6d8595c14f28c2245f65ac1f94b70a0f06

SHA256
80ae804da1ff5b84e1e023d5051fe77ab350be36f5113dc3b225fa406674425d

SHA512
dda6fd30ba0067c56144509433c7bd942c0286f848574250dc5322c92bde10e1972b43f94bda589337a41da517d0a7da71e7ae39f55ae0512c2f578e3ce251db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
c8af88247a5c8ed6b7ce7d76835258c3

SHA1
03d60b0f3bd10ed404179cec0ccd91b99f6d75ae

SHA256
3994668966724c6a67e37c0916e0eecd1c9a6503e69d5a7e6fe0b53b746923e3

SHA512
eb34a967523794f277cc110ab8152cb71a7973bfc77e582591ff20f553ba0478ae6a489c32f2e6e596b010054d458656f3f72801509c8c8802d3942b5d0e8992

Download Submit
memory/2392-316-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-307-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-353-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-350-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-331-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-332-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-336-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-354-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-355-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-333-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-357-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-363-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-334-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download
memory/2392-328-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-324-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-364-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-326-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-325-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-323-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-322-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-321-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-317-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-318-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-346-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-314-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-315-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-313-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-312-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-311-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-310-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-309-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-330-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-305-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download
memory/2392-358-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-365-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-329-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-327-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-338-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-142-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-140-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/2392-141-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/2392-139-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-138-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-137-0x0000000006A00000-0x0000000006A10000-memory.dmp

Filesize
64KB

Download
memory/2392-131-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/2392-132-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/2392-129-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/2392-130-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/2392-337-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-362-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download
memory/2392-361-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-339-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-360-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-359-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-351-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-344-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-343-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-342-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-352-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-341-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-349-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-348-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/2392-340-0x0000000008C70000-0x0000000008C80000-memory.dmp

Filesize
64KB

Download
memory/2392-345-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads