hxxps://drive[.]google[.]com/drive/folders/12_8O2o_9tufEE5Dvup-uVXVdvSsp1JfE

Analysis

max time kernel
666s
max time network
668s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 21:48

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/12_8O2o_9tufEE5Dvup-uVXVdvSsp1JfE

Score

10^/10

discovery

Malware Config

Signatures

Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs

description	pid	Process	procid_target
PID 3404 created 4792	3404	taskmgr.exe	151
PID 3404 created 4792	3404	taskmgr.exe	151

Downloads MZ/PE file

Executes dropped EXE 23 IoCs

pid	Process
4928	Google.Chrome.exe
4324	Google.Chrome.exe
452	Google.Chrome.exe
1996	Google.Chrome.exe
1748	Google.Chrome.exe
2036	Google.Chrome.exe
4332	Google.Chrome.exe
2292	Google.Chrome.exe
1360	Google.Chrome.exe
4636	Google.Chrome.exe
4408	Google.Chrome.exe
4160	Google.Chrome.exe
1616	Google.Chrome.exe
1560	Google.Chrome.exe
2836	Google.Chrome.exe
4672	Google.Chrome.exe
3648	Google.Chrome.exe
4308	Google.Chrome.exe
5044	Google.Chrome.exe
2396	Google.Chrome.exe
1816	Google.Chrome.exe
4336	Google.Chrome.exe
5132	Google.Chrome.exe

Loads dropped DLL 1 IoCs

pid	Process
3472	MsiExec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
423	raw.githubusercontent.com
424	raw.githubusercontent.com
425	raw.githubusercontent.com
426	raw.githubusercontent.com
2	drive.google.com
5	drive.google.com
422	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\JJBotv3\runtime\legal\java.base\c-libutl.md	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\include\win32\jni_md.h	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-processenvironment-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-file-l2-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.base\zlib.md	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\lib\javafx.properties	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-crt-time-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\server\jvm.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\conf\security\policy\unlimited\default_local.policy	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-heap-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.base\LICENSE	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\conf\security\policy\limited\exempt_local.policy	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\jli.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-debug-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\ucrtbase.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-console-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-crt-environment-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-processenvironment-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.xml\COPYRIGHT	msiexec.exe
File created	C:\Program Files\JJBotv3\app\jnativehook-2.2.2-javadoc.jar	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.base\public_suffix.md	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-sysinfo-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\lib\jvm.lib	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-string-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-crt-process-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-crt-conio-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-memory-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\include\classfile_constants.h	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javaw.exe	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-util-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\app\JJBotv3.jar	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.base\asm.md	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\lib\security\default.policy	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.desktop\libpng.md	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\msvcp140.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\lib\fontconfig.bfc	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.logging\LICENSE	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-localization-l1-2-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-crt-environment-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\javafx.graphics\ASSEMBLY_EXCEPTION	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\conf\security\java.security	msiexec.exe
File created	C:\Program Files\JJBotv3\app\jnativehook-2.2.2-sources.jar	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\fontmanager.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\decora_sse.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-profile-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-file-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.base\icu.md	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\prism_common.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\app\JNativeHook.x86_64.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-crt-string-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-libraryloader-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\release	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.base\unicode.md	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\prism_d3d.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-synch-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-timezone-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\app\JJBotv3.cfg	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-crt-multibyte-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-crt-multibyte-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.desktop\giflib.md	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\vcruntime140_1.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\glass.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.prefs\COPYRIGHT	msiexec.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFE32.tmp	msiexec.exe
File created	C:\Windows\Installer\e58f9ce.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\{9650A088-8CC6-3663-97AB-26A9265C2570}\icon1735593305	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFA3A.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{9650A088-8CC6-3663-97AB-26A9265C2570}	msiexec.exe
File created	C:\Windows\Installer\{9650A088-8CC6-3663-97AB-26A9265C2570}\JpARPPRODUCTICON	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\{9650A088-8CC6-3663-97AB-26A9265C2570}\icon1735593305	msiexec.exe
File created	C:\Windows\Installer\e58f9cc.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58f9cc.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\{9650A088-8CC6-3663-97AB-26A9265C2570}\JpARPPRODUCTICON	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Google.Chrome.exe

Checks SCSI registry key(s) 3 TTPs 11 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000080ecc9f1fa88237c0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000080ecc9f10000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090080ecc9f1000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d80ecc9f1000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000080ecc9f100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "233"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 30 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\880A05696CC8366379BA629A62C55207\DefaultFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\ProductName = "JJBotv3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\PackageCode = "80809DC84EB39E44FAA63F30C97387AC"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\Version = "16842752"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{7F57B6A5-09E7-44A4-ACF3-679A4A678EFA}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\ProductIcon = "C:\\Windows\\Installer\\{9650A088-8CC6-3663-97AB-26A9265C2570}\\JpARPPRODUCTICON"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B1423C193BBCC4D34B6F4D3AA87894B0	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Archive [OLD]-20240805T214907Z-001.zip\\Archive [OLD]\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{58F2D831-693A-4473-BDAB-23C2C9826771}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\880A05696CC8366379BA629A62C55207	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\SourceList\PackageName = "JJBotv3-1.1.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B1423C193BBCC4D34B6F4D3AA87894B0\880A05696CC8366379BA629A62C55207	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Archive [OLD]-20240805T214907Z-001.zip\\Archive [OLD]\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{BCA79D71-B6BE-4972-9588-05EAE16588ED}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 294952.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1180	msedge.exe
1180	msedge.exe
1968	identity_helper.exe
1968	identity_helper.exe
2980	msedge.exe
2980	msedge.exe
3868	msiexec.exe
3868	msiexec.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3404	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2284	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2284	msiexec.exe
Token: SeSecurityPrivilege	3868	msiexec.exe
Token: SeCreateTokenPrivilege	2284	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2284	msiexec.exe
Token: SeLockMemoryPrivilege	2284	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2284	msiexec.exe
Token: SeMachineAccountPrivilege	2284	msiexec.exe
Token: SeTcbPrivilege	2284	msiexec.exe
Token: SeSecurityPrivilege	2284	msiexec.exe
Token: SeTakeOwnershipPrivilege	2284	msiexec.exe
Token: SeLoadDriverPrivilege	2284	msiexec.exe
Token: SeSystemProfilePrivilege	2284	msiexec.exe
Token: SeSystemtimePrivilege	2284	msiexec.exe
Token: SeProfSingleProcessPrivilege	2284	msiexec.exe
Token: SeIncBasePriorityPrivilege	2284	msiexec.exe
Token: SeCreatePagefilePrivilege	2284	msiexec.exe
Token: SeCreatePermanentPrivilege	2284	msiexec.exe
Token: SeBackupPrivilege	2284	msiexec.exe
Token: SeRestorePrivilege	2284	msiexec.exe
Token: SeShutdownPrivilege	2284	msiexec.exe
Token: SeDebugPrivilege	2284	msiexec.exe
Token: SeAuditPrivilege	2284	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2284	msiexec.exe
Token: SeChangeNotifyPrivilege	2284	msiexec.exe
Token: SeRemoteShutdownPrivilege	2284	msiexec.exe
Token: SeUndockPrivilege	2284	msiexec.exe
Token: SeSyncAgentPrivilege	2284	msiexec.exe
Token: SeEnableDelegationPrivilege	2284	msiexec.exe
Token: SeManageVolumePrivilege	2284	msiexec.exe
Token: SeImpersonatePrivilege	2284	msiexec.exe
Token: SeCreateGlobalPrivilege	2284	msiexec.exe
Token: SeBackupPrivilege	2504	vssvc.exe
Token: SeRestorePrivilege	2504	vssvc.exe
Token: SeAuditPrivilege	2504	vssvc.exe
Token: SeBackupPrivilege	3868	msiexec.exe
Token: SeRestorePrivilege	3868	msiexec.exe
Token: SeRestorePrivilege	3868	msiexec.exe
Token: SeTakeOwnershipPrivilege	3868	msiexec.exe
Token: SeRestorePrivilege	3868	msiexec.exe
Token: SeTakeOwnershipPrivilege	3868	msiexec.exe
Token: SeBackupPrivilege	3784	srtasks.exe
Token: SeRestorePrivilege	3784	srtasks.exe
Token: SeSecurityPrivilege	3784	srtasks.exe
Token: SeTakeOwnershipPrivilege	3784	srtasks.exe
Token: SeRestorePrivilege	3868	msiexec.exe
Token: SeTakeOwnershipPrivilege	3868	msiexec.exe
Token: SeBackupPrivilege	3784	srtasks.exe
Token: SeRestorePrivilege	3784	srtasks.exe
Token: SeSecurityPrivilege	3784	srtasks.exe
Token: SeTakeOwnershipPrivilege	3784	srtasks.exe
Token: SeRestorePrivilege	3868	msiexec.exe
Token: SeTakeOwnershipPrivilege	3868	msiexec.exe
Token: SeRestorePrivilege	3868	msiexec.exe
Token: SeTakeOwnershipPrivilege	3868	msiexec.exe
Token: SeRestorePrivilege	3868	msiexec.exe
Token: SeTakeOwnershipPrivilege	3868	msiexec.exe
Token: SeRestorePrivilege	3868	msiexec.exe
Token: SeTakeOwnershipPrivilege	3868	msiexec.exe
Token: SeRestorePrivilege	3868	msiexec.exe
Token: SeTakeOwnershipPrivilege	3868	msiexec.exe
Token: SeRestorePrivilege	3868	msiexec.exe
Token: SeTakeOwnershipPrivilege	3868	msiexec.exe
Token: SeRestorePrivilege	3868	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
2284	msiexec.exe
2284	msiexec.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe
3404	taskmgr.exe

Suspicious use of SetWindowsHookEx 48 IoCs

pid	Process
556	firefox.exe
4928	Google.Chrome.exe
4928	Google.Chrome.exe
4324	Google.Chrome.exe
4324	Google.Chrome.exe
452	Google.Chrome.exe
452	Google.Chrome.exe
1996	Google.Chrome.exe
1996	Google.Chrome.exe
1748	Google.Chrome.exe
1748	Google.Chrome.exe
2036	Google.Chrome.exe
2036	Google.Chrome.exe
4332	Google.Chrome.exe
4332	Google.Chrome.exe
2292	Google.Chrome.exe
2292	Google.Chrome.exe
1360	Google.Chrome.exe
1360	Google.Chrome.exe
4636	Google.Chrome.exe
4636	Google.Chrome.exe
4408	Google.Chrome.exe
4408	Google.Chrome.exe
4160	Google.Chrome.exe
4160	Google.Chrome.exe
1616	Google.Chrome.exe
1616	Google.Chrome.exe
1560	Google.Chrome.exe
1560	Google.Chrome.exe
2836	Google.Chrome.exe
2836	Google.Chrome.exe
4308	Google.Chrome.exe
4308	Google.Chrome.exe
3648	Google.Chrome.exe
3648	Google.Chrome.exe
4672	Google.Chrome.exe
4672	Google.Chrome.exe
5044	Google.Chrome.exe
5044	Google.Chrome.exe
2396	Google.Chrome.exe
2396	Google.Chrome.exe
1816	Google.Chrome.exe
1816	Google.Chrome.exe
5132	Google.Chrome.exe
5132	Google.Chrome.exe
4336	Google.Chrome.exe
4336	Google.Chrome.exe
3980	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 1436	1180	msedge.exe	83
PID 1180 wrote to memory of 1436	1180	msedge.exe	83
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 2600	1180	msedge.exe	85
PID 1180 wrote to memory of 1332	1180	msedge.exe	86
PID 1180 wrote to memory of 1332	1180	msedge.exe	86
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87
PID 1180 wrote to memory of 3656	1180	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/12_8O2o_9tufEE5Dvup-uVXVdvSsp1JfE
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8eba446f8,0x7ff8eba44708,0x7ff8eba44718
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 /prefetch:8
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7084 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,730074719886317470,3071450036712442898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:3508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4448

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Temp1_Archive [OLD]-20240805T214907Z-001.zip\Archive [OLD]\JJBotv3-1.1.msi"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2284

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3868
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3784
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 6000EE9B464D9A9DAD12CB31F55442E8
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3472

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2504

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3404

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4744
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d06cad8-76f1-421f-ad4d-47d3d735aeff} 556 "\\.\pipe\gecko-crash-server-pipe.556" gpu
    3⤵
    PID:4232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2388 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45ba9d83-6578-4950-981f-a66c3c455ee4} 556 "\\.\pipe\gecko-crash-server-pipe.556" socket
    3⤵
    - Checks processor information in registry
    PID:4824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2932 -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 3100 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef9fde41-5d8d-4f14-9554-e22d42171058} 556 "\\.\pipe\gecko-crash-server-pipe.556" tab
    3⤵
    PID:3900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1504 -childID 2 -isForBrowser -prefsHandle 1464 -prefMapHandle 2644 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa820379-278e-4dbc-a2cb-b8a9a4aca4c3} 556 "\\.\pipe\gecko-crash-server-pipe.556" tab
    3⤵
    PID:4192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4968 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32da741b-53d1-4458-84ed-dc170fc21216} 556 "\\.\pipe\gecko-crash-server-pipe.556" utility
    3⤵
    - Checks processor information in registry
    PID:4800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5200 -childID 3 -isForBrowser -prefsHandle 5196 -prefMapHandle 1468 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc0d783b-d08e-4c79-932b-cb7960971404} 556 "\\.\pipe\gecko-crash-server-pipe.556" tab
    3⤵
    PID:2952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 4 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b3f4036-1bb6-4c9e-9d54-fb667a114bb3} 556 "\\.\pipe\gecko-crash-server-pipe.556" tab
    3⤵
    PID:400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 5 -isForBrowser -prefsHandle 5632 -prefMapHandle 5628 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2279984-7a0e-4bd4-af19-a27438c70688} 556 "\\.\pipe\gecko-crash-server-pipe.556" tab
    3⤵
    PID:684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3552 -childID 6 -isForBrowser -prefsHandle 4220 -prefMapHandle 4216 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7380c094-6672-4288-a4aa-57699d31afd8} 556 "\\.\pipe\gecko-crash-server-pipe.556" tab
    3⤵
    PID:316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6076 -childID 7 -isForBrowser -prefsHandle 6068 -prefMapHandle 6064 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {914e1d79-fbfc-4dea-ae36-a189dd29d45c} 556 "\\.\pipe\gecko-crash-server-pipe.556" tab
    3⤵
    PID:3688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 8 -isForBrowser -prefsHandle 5312 -prefMapHandle 4652 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7c03aa2-ce78-4575-b656-59924f23aac8} 556 "\\.\pipe\gecko-crash-server-pipe.556" tab
    3⤵
    PID:2624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8eba446f8,0x7ff8eba44708,0x7ff8eba44718
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2664 /prefetch:2
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2688 /prefetch:3
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,4859578928412936124,12475561360769741559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:1976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4f0
1⤵
PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1476

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\061f96e693df49e4a6ad468c45c83a9d /t 1980 /p 4792
1⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8eba446f8,0x7ff8eba44708,0x7ff8eba44718
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5956 /prefetch:2
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4016 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,1975246687932394841,10833808116962045757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6552 /prefetch:8
  2⤵
  PID:2584
- C:\Users\Admin\Downloads\Google.Chrome.exe
  "C:\Users\Admin\Downloads\Google.Chrome.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4324

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:452

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4332

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4636

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4408

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4160

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4672

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3648

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4308

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5044

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4336

C:\Users\Admin\Desktop\Google.Chrome.exe
"C:\Users\Admin\Desktop\Google.Chrome.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5132

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\aad9dfb7ae2245e8b001185a7988bd65 /t 4528 /p 4160
1⤵
PID:6000

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\90a8adadf47b425b9d9eb1e3aef94fe4 /t 4628 /p 2836
1⤵
PID:6108

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\916dd471dbb84aa4a944182c7cf4c783 /t 2240 /p 2292
1⤵
PID:5440

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\260ec56e4f4c484d81821749112abd7d /t 1556 /p 452
1⤵
PID:5564

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:5840

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3882855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58f9cd.rbs

Filesize
54KB

MD5
d8e3bed3f9025f0cee041127d286d473

SHA1
5bdf61c56b436d4419b1724f8d485e0c931ffe8f

SHA256
7769c382bc84a676232a1c225abeb35ef3098db388422b2c4b0e32ea960fa786

SHA512
5dbfcc8b823907be27903f8073f640b5008727aa1242f4a8ed02f9f2a87aa9975874b3847bd802dbb736460c188db4942edeb5bcd5c05471a336f478df878b36

Download Submit
C:\Program Files\JJBotv3\JJBotv3.exe

Filesize
566KB

MD5
77f9cab6666d8ab484fc5b4a3f16c7e7

SHA1
3444a9e98e77c2088be7d2ef6594f5aab18ad16f

SHA256
b06bd79737c2019951a9512a553bb6f5a6c4ab558d9908a096958bc291d3fb2a

SHA512
f1eed85de6b8d9c2fee498b58453b16ff42cc2716978de45fd51dedfdbedae7c7a5ad8bcb9fb3abf20a472ff379c11e6c36b8ecd6a41c2c073c20dcbaa3d07dd

Download Submit
C:\Program Files\JJBotv3\runtime\legal\java.desktop\COPYRIGHT

Filesize
35B

MD5
4586c3797f538d41b7b2e30e8afebbc9

SHA1
3419ebac878fa53a9f0ff1617045ddaafb43dce0

SHA256
7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018

SHA512
f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

Download Submit
C:\Program Files\JJBotv3\runtime\legal\java.xml\LICENSE

Filesize
33B

MD5
16989bab922811e28b64ac30449a5d05

SHA1
51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

SHA256
86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

SHA512
86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7b5951f7-663f-4287-bba2-8ca4dffb744d.tmp

Filesize
11KB

MD5
20becd951e95ce989ddb0fd958ba0fe8

SHA1
c17ede38aab58f97b284a1d49c66e56e46b1bcfb

SHA256
3336dde93b0869a0e3950f31cf692e1243202ba08abd6b10e092ae2fcaaac8fa

SHA512
f413e9a80766ab83493071d33712a64cdcfd75b5d3747d2d61cde2cb336eb69e2feb69afab7a4087c785f8e2c876e47936ef1984a8c20591ecee43ec772d3f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c3fe117fce25c113f7c50a2251f64bbb

SHA1
669b401c0186695eab005cf4ac2736eb1be00767

SHA256
ebea96c94fa1c2c6eb433acafd7b7085b3ee987decf6a05c6af61f4a8838c14e

SHA512
8651b56a31ab86377d850d8ca6bfd29cbde10d165cf8314d5fdb06219d769089a493e8579c93c401ca8aa0188f2a240c6fc4d3df59bfeea0272ba4cafcb89ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65dda5b8f60f3ce5456f0912d72e441c

SHA1
b99d17b82fd15cc3e8217f65a7842c8ff9077f45

SHA256
b9d4026a6607ccfbb85e4abdebcc301dd2b344b967305841bc60b9f0c4845d1d

SHA512
70c96605150135f156bc33b66b1a8e25b097eb56f3e43db24cd0503a33ec15eb8bd24583ec1faeac9f84a862a3893734157a9afbf7a7f9c6af3839805bb16c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3b7beb1688d36c78890263cf472ae4c7

SHA1
038da62af958106f9278c21e20d947f8d603eee7

SHA256
58957ca9de5fff3ccc435ebbb13b14302281035188f39971b96d44d3e540362f

SHA512
57f71f5fbb20ddbe98df8687a9bde5e193733d7c4836671a58fac6271fc631bcb962ef61ab8c84075212d6e5a254d9149d1a2c2f4615c272f424975ab2dc830c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\115a9984-0ccf-4ba7-ad6f-5a64ca0c0881.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a7db39b-4592-481e-8d65-d26017d0751d.tmp

Filesize
1KB

MD5
1bb98643902dbb1e1565f38a365c5270

SHA1
df6c5675ec79e7eb3ae5cf793aa776584f12c299

SHA256
ffde72ab675f13cbfb6ecc949a2a248d2626871b18dc567302e04ae9c585df60

SHA512
f5212331a2e3f2fc3f25b81cb59cb3f7d7375b03a9b308c270c75596aa72fad1e3d550a16490d6ec3b7d7c949113b629bf1bb2cf4d71ca2d9934d0a429f19afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e57bf579eb74a90d4ad1b542cea2e96b

SHA1
844ed906bb49adf8f080027550a62ff050054dbb

SHA256
6e53f502d62f950377df096348173a4ec79f8466438ba7a145378b5524859eec

SHA512
6d81b2efde5226795d61d23289c5c0d1c7dcd6b7e3576aafcf20d52ec61fa4f12cbb9fb51a1249df27133dd1262ef00b74be02718409fd59d76e23b0a4ea8ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a6d60d241d23e9af289af7491660b134

SHA1
9c068faa5a815ab95fe242e562f66e607f8f4705

SHA256
93af493e786b5dd86c753b97940cea2b0ce1679f1ac77724ea506abdc8d691bf

SHA512
2396ce5a64223a4891d43ed787af2ad7bbbcd435c2c60ba7a044287c0fab10b24c0b2ad47cbbef7292ce90fca917f33067bfec0f27661f65c2a66e5186dae0f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
7c22f1547927dc5ccd137d10282ae2e3

SHA1
e7ee0e01d20ddb637196e085c6c685234947cb71

SHA256
b7d249add19baf5abf20f48193ee3069b18f3aaf060cbc8c84406a926e07b8b0

SHA512
2a05e03c951e2ac048ff769de0581b073aef8dc6f0a66803a72dbebd3b0d330faced4c64f395fa0f15ab49878a49d723eb34106e44c90a14fbfba07cbaae1c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
bd573d9326b11295bb46e1bee539ecb1

SHA1
e1bbb501bac53ff5f6c5ad3c038bb2da2e2f302b

SHA256
973f361cfc5c79899bfbc34d4be713ba05ae16cd6ff46bca6b9fd627fc4661ce

SHA512
d19d56fb1e7da77a9a660ea9cee0fe00adad0cd8db96a15048eb5f839b4d6d771b968051e803028362712ad7dfa031a91121df5b8ec9949b847aea1ac9648207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
126196f8351a481d793fd47c41a5eb06

SHA1
65961850e264fefe70831ca891ca9f8095d5534b

SHA256
90180d2b63388e273d3948fe08cd804f501ea8c65a367e7932f41417fbfcf439

SHA512
a5d6df75d139992c8434f3965e15a0c6403ca7f9baa187a70339499a01981a679f97368f04dff28782b83f4d5c76398a64c0a561ba0ff432e017e192febae890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8b2a3ef09fb7ea436446aaecff4e7811

SHA1
335485a2dd4bcaee0456b1e2589631c9e58ef6d9

SHA256
9dd01094c79535b12763f4317dc94c0aadbe8156c6346244575f4fa9ab67d3fa

SHA512
ff4d2948b348defc3b129630377d5b5ea9ecd13ac8062cf872727925e8c86d79b08bb4f43351127d3bca5637e5e5b11bbd54a61c8acd11a98d5aedb265e7f4cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
519b8a0f72ce58818f5d485ad049985c

SHA1
32b98cc9a69c850cfe93b1d899266e72f68d28f9

SHA256
5c6a740855c5d25ac5674951dce3199557568a0f8604f3d8f8b5090b25253e92

SHA512
f125cfed1075b496e6f0d7d52f7513db43b78b29627674dd91258735f4d06ef07f38075ec8b8c4727daef7ad3ac38af44c0c570f6e3882b1362124d40733f31e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
97ffc98375533dced94142d73265c24e

SHA1
2498c81c2ede2c27043956bdc20fcfbc854f766c

SHA256
ba0b1f46558fa3ef7051769fe3032cbc174e71690faff99fec338f047ae1d96b

SHA512
139df391e5ee58f76109f454ca8d67603b3bbb3e3e56d7604ccb18dd41908da1040e43e79786be67ee60249e5d391969e97fb0f2214d9fd1fecb93bace17dc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
49135688331e279f6cd2620c887a968c

SHA1
11628bf697a2cdaf28efdb5b04178f48338dd170

SHA256
e88f8713c38ff0715f28e7afeb6892ea738a65feb9a1f318b8f506239772d57c

SHA512
1cabc4200f4040498133990cf95b6f801738d80b5f9007fd8f375476b5cc518eeb39461fa07c9093fdc0bd53a0b6f2cf86c425dfe708d18abcfdb826cd1aa1de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
363c56c09858d36f6fbd8ebd8b2f7e34

SHA1
3bb8c8e06ab3b2a79cf344c696100fedbc226ca5

SHA256
9c3f66dee2696a445e8f4578e7c4c9e01d6f18c718ff54d95bc2fd6b636cff46

SHA512
55e6ae7b8d60a65481166107517d5691d790ecb5f521546cd89e93082dcb3f9545aaf672426cdc549204c2fc4f03477d03623f351d9af6264bce4607b5182e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
4KB

MD5
3b9ea19603b1315f73e631fe33193e27

SHA1
ffcf14a1f2f75da6dd537d7d1add19dc615f3c42

SHA256
be745b4c0e26c34e0d3314b212bb971d22d76f3ba25ad1a323f50dec9b92ea2e

SHA512
21ac176f3608bc67b900b8e2e4c34d8c3ebc405d58468d961b345301fa910e71395efe7cd8709d2180663c67377e38d47819e8cf7ef7ec7338fb6e6647cd42d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
617B

MD5
ce99b0868c2ea9eff0997e0a256287ca

SHA1
02f577825b270703d34f3c05f86b5d554897e957

SHA256
4a0d8235940809ae3962cc036568be0f43ec19288d7a9035fbc65ee94098e613

SHA512
4ac3e9a4485362ae12270b68e8f6d482ccb5b5fcf0aae9230e9670ad56a42b80cabdf81c0cb6eef1e981b35eb36af27e2c6cd5b890dc4ea092c9234717058f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
eed4f9db5e0a648aa19b5ed25cafb499

SHA1
a3d1e89cbe4e20e5fcd3a6ad7841e6de14ad2bd2

SHA256
706e1087c65056ca4dc39b07a1995f8221c89d60672808dbdc7dd3b69b0f2fe1

SHA512
37bf4589747069f6662110fde36e9df2eb0fd540101ccec39b7d2f4d84873a78d369d3b53255a6c2d56420224018a97ff9c6f795117a0fce04b47532af15c2f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9ae6acc42035fe4c827c964473370fdf

SHA1
030ac27f9a54662f8077bdccddd5af5384a88b7a

SHA256
7b7c1a106afbf648a8e629e0c0fa0202d3034e7e4205ac2d895c0e3d9812152f

SHA512
06ceb8b05f9badd88576096a1484da628ba4074fb18395d30336b8dfde7c9435bb8c8cbe7f5b794f942f4bca1f7e7acb95f4c23ab50da9f2698c562e79d896f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
ea4734898f71840389201967b047907f

SHA1
1fbea3396d1937506c8572bd466b4c4d6bb8a2a4

SHA256
e8250add32e3eb2484a38bc4f471a5b6093d7fef358f1cbee4076eba48c3b404

SHA512
dfad95359044285ffbdc1a32083cea643eca2f49d0be1bf8dbb3daa3678b57008707b5e3cde68abea2071e1d3653bbec97a45d5f3d25a3548c48b67c83b0f692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e6fd6190730102437972568121fe8f61

SHA1
195cb16353ae44cecf60cfeb800f8cb72146349f

SHA256
0e8955599ae9efe7b4dcf114337e7c23dd53ac4ada982c99c3bea02007719271

SHA512
2a085a300ac071e25fcf2490496c4539d7960e88417ffc56f1dd1c8a2c827809ad95791473b3287fd5c983a515ed23022f25c09fe8003d2480749c20d4a2dd87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
43f2bb64c0da428c47290c1b6a6654d6

SHA1
52a605981b51ef537c7439602c4f9c41c87d7baf

SHA256
84b81cea6e4cad8a339ed7cf364c5d8e6c928132ea1edab2166e908ed1a85eba

SHA512
6a1d14faf2239daca208e5c4c721317a3ea83a66520d9430fa7f7cadee2f13f37550d4ae37590bf1a8bcd0c06955735090459246527c0cf002919890f5f8da9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cf9d3927d5df6f65dd6b064e3b4a9fc8

SHA1
dae48b817b09356d006f77439e3795f970cb998b

SHA256
2117df325c67a8f6b116293ab54cf0c68600c72fb26be514d55abbea1fcc748e

SHA512
5445d5a90b7c1ddad3dcc4e72ad95a8a2a37ef1b943a9d6a093301e8bf544c97a862d1ff747ba928d520fb1582ba5091f4c39f40cc2ced80543416f68be0d09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a88b6f9ea662b290b60b3420069e50d8

SHA1
a1198f29b69cfe4c60f243feef84bfffda801230

SHA256
f2a6fcbc0204d56b6449b5160fe53905794175f1df27f06d94e7651337ccf606

SHA512
936d5b04373369e123defb1fc277e6e8afbe6a5a83c734daa56dff7e585ab15ad6a2b2accbccafe5c969c5d8aa25c5ea725cb0335aac6bebba15536ae48a5ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2774eb8b4ee422b7a84a8b18ab31f79d

SHA1
2a30f33f556fcf1a3ab15638207e7b7e94551bc9

SHA256
66031d613109fa376ef01534e3aafaef7fd7c30311b381ceba63fab6f7bb64c4

SHA512
e0ce12f89de6488c6229faf8b647ce9e70197eea9d09cdb751c0062380bf0718ed266ede3d0fa557ada47c77cbd3075433721e1e43e472deb2e32d16bba4ca84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
80b7a0f87c46f1ac89d2d9a2810b2191

SHA1
88413f6e680e379d51ad6b35faaf42640ef7bf6f

SHA256
6dd77ec42dfcba7f6f4f3812781e04ce6d6aab53194e68c0a3ddb162160138d0

SHA512
0066e6cb5cc69b1023f36b922bbffeca9c5ceae9506aae51419daed7db1b4ea2617c99331450c45ee943cbdc2bf89487dddcb6b75fe319124b771a9ec2922dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2282eb8599eaddf71aa65b82925ec768

SHA1
048dbd63acf506a111f4b2dffbf4632e17ae9b54

SHA256
2e3d2bcd5031ac1bf7a01c9fab906e9ad5adfdf0328561d70a4542f7fac93ae9

SHA512
e9a86dc7a67a5bf8399d1b5cd1a985927c1b7db709a85bdc720c5d2fe6a533bf43bc73bd10a963e4608b6236c9a40313b1955f7945d7f293cec4f98440fa6b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7e1755d4a0296a0fe450658b6c5ae3f9

SHA1
66aba104ce78449ba830fdc9880ec6eb057efc7d

SHA256
09ef5bfcc5d4c5197ddd2cbcd11125baa08190400b25092a99ac063c48c08708

SHA512
a8899f783651be07889e0bb24bda83c980acb9385f3b5d38db9482d43d2bbad59011e594e577821351776d871b9e7ba1b6e259cb75342e3308c2badc95607b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e23b768d861666c7fb3ef10fe2c82837

SHA1
6ca01b621e8b36c6a2eb0b2f93371d30f2a29f15

SHA256
809ef0d42aef597e54b5f3fa2ba330be924c41f5237fd02644f0ff030ac293f6

SHA512
5d52287a38a39a48a1b4ff3a342011e8723f488570ee73cdb94395c27cfd601c5456399432a323a73a6f27633dbed16af5c5b83c9a0a57204682d1dcac6f5fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
87d8f8a0d459b0541ffed29902911cee

SHA1
508e1a1f1d9fbbf97d7db2d3e64501bd4def3338

SHA256
8fa0a9b19de364bc3e05540bd6645bac2bbf5ec194f994a42721fe0e274d2faa

SHA512
5a00f6682bcdf867861bb80a52cce5233519b80e0bd369d5439b5ae5627617ac386027e6d962977cee93bbc821194824161f2b1038b41fa976748dbb04835b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ce326559acaf33e01997354f67fc164

SHA1
dac7cee58ff806760e5306f5c6ef02c2cafa988c

SHA256
3e47cc846f73a70dd4779d0fd799d1f25e67433d01d8ddd305b769b7aabfb60c

SHA512
612d083c27961ab01d65f5e1818694a04f57864c7a30b365dba1dc22e2dda1f5e1c3ded6655c676f3544db11297912b0ffb24e2ec986be73f0cb554dd6b944c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4e99f3e114eebbcaa82da7a6f108b0f0

SHA1
c695f36061d07c406dd377dbc2c513de6b4797d5

SHA256
474e16b572abd68b294d159696829e4900b50265c54352d090baf8355d9a6efe

SHA512
4f43ba7139db9295882296b8509d91b58788cc74ed79dfe64740e7b8fc9b0b0420b863ceb3dde1cd85e94263d479bda73b22758f0a2633a32754bb13235154b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8fc83a67f29e41f7385b230214bd4ef3

SHA1
727ec411fe679e1348416662649a189e3b3c54a2

SHA256
153e5ff1bd114f5ebde5623142e1acfc09512c025474829166e34e1fcd42fd3e

SHA512
1e1106fd9be28dcd669b361df44d1a657f708df6b8af7aa4440623f99f0c6e1d243dddfc85fcff4f834698e9a7ee9d84c77681c3ec1a0222e4cac29b9f0acc20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8664700bae68d59a43200ee13a0aa565

SHA1
76eaf8000451d52443654605b46c9f77a4834424

SHA256
0ffcafa89ebee4f7b8b08c05b4996226b30cbd4ce95634f6fc3c52a315b9e679

SHA512
07e22e2a4fd4a912e80cfee9361ba9c698709e272aeed28da056753a1ec9cdeee5f473fea555bf642ca2beb3bf581ca4f5d9658b69e85787320b7394fc5f8976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
318e662787246ce7cc59084cd5bdcd7e

SHA1
366258831729343abcce63600bb33dab9e11c933

SHA256
fe03cbdc58aef81c1b8ed7e558344902b3b6da7edfa0c1b0049bf1348cb64dc1

SHA512
33e53f3ed192ad3e1b2004a74e5d91f720d6b2a4db1d896281345681fa4255966c9773bf7bb79845b5b819a88593d24308fb72a1195b697bdd7a753571c193f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3d4908fc33ee225685dc347aad884410

SHA1
2f4674f81d7087c4e8f01f4951c850215c11ea42

SHA256
d2972d0a8dbe20566aa4b55d92028023c98d1938dfc624d48d8ca6d3ed373605

SHA512
c9b314c91b3b4ec42825446a9dd0580c775f2e1ba8a21f5c8b5f3d807a7164d59d0562f5e6e2f0e94f35dff58efa63e751b2dc9ba1180d56e19b8ef44d2ad2f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a599104b1181b25aadd856c226312432

SHA1
ca2bb0ca07228b95cec12c999ef44eff864fcd66

SHA256
d5ad052ef118b5dd96cf0965a8b4ad396ec51b81da71893706125029a9414cd7

SHA512
6f965962b15e51f96ef557fcb9f45d770c015390920ae329521ef2a1c394ea7607b0f95b29f823f1a679b1ea696810878ae72816faec17e05bb703c9539f9471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e3bba3fd2f654c1ab7b3d7ceb92e5b2c

SHA1
c90a134a4bc0718da4f0411c7ae56d208ac0a68d

SHA256
c5476e285a305ba4a97a3a8ff708d8021eccac57f83d9e3b59d4038aa76c96c9

SHA512
fc328b97bd211e269b0ef1b34180c97cd0b8c58b7b703d365dd566cf4cdec2ff3907c71ff0aa5148ecfba46062cecfff73f14c553d166823a91c4a64f5031031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8ca46ffe68cd0cfd5ccc1f752f908ab3

SHA1
725b64a2ae58eea9bb2c04c362a60e565482f419

SHA256
df6b8d1fd350eb05c32812a73615e66645eb88609fb2e544db580c960bed60e0

SHA512
b04c31958346f2f90eea1be0173327a3fd5dcf453170f3381297fe76370f76edb845d99e27e69162a05e7f33b4c6ec63fa7d18e4e2dd6121858c73d03aef0e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
750B

MD5
bc9c5990bfe31851dc4dd10f8c921840

SHA1
a066f758337b2c22baf1e447cbc9d208e6655da9

SHA256
d8916f36831f5abbe03270bda5783cd8c053804574032cf7d9d0ab716a8d4d03

SHA512
30338698b889dd2f555846fa9c8ce24a1a88968e2edceb1fb108c43e89dd1e68c71548842c07cc363b142fee84fe62ad1823e03192904d604763620541982c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
297B

MD5
bf2fdc228a42753c962c463cd8a6c544

SHA1
7313ed799e742acd7bc98f0538f07de29d873798

SHA256
81165f63337acfe06a30cff4c696393a7dc2259283e57da45fc303ce92c7f397

SHA512
5f7dd1b03c63cfdb1ef6e614a0dd610f674a75b5ec47d3d41d64f3d8f91e5a1ffa6742f9b73b0e350783719ea5c8fde9b806ae883a857b37541f3780f7a57c46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
21ea1fc39fbcd83865ee69357ae0280c

SHA1
9035427a06a5f3f5e3f7f8a41c8fbbc99caaf0d3

SHA256
917381d3ab9977813ecb5b5ffb855424ad7fc89c6828f05e5ee68a7d0177f802

SHA512
df684ce6d5c3691e614777c14b45dc20af093471d3c24fce582f3e04f9caa09060f835171b8275dc08f915f2de8132cf54110c88f7d255ef617187d1278622f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ace5d.TMP

Filesize
48B

MD5
9b31f567f265ac61547f05e50ed383ee

SHA1
62c83a175451504616fb9090ea29a4a614b4d297

SHA256
d5209d594e571eb790ee2e2270f4a2bca12e70f0d62b78c5c9b1fc76f6f4a385

SHA512
354831004ed4a0369c9710f9e09a6b1333b17d28ec8b0f1b130a885732c1fb64977dbdc3f90da8adb34df5088c272d4b549992b1b8cc832f693ad2029d561d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367368123351350

Filesize
28KB

MD5
aba77cab91167dc413f4093032bcc527

SHA1
04031e2f2f416c6caa5feced5823308bca213c3a

SHA256
75c4e1fefc73672f3a2fa588b9b1b684952c6c0441f6a7c0a86bbd3366d822c7

SHA512
43c16ef77c15e9d22c0df1345485fb8b1552f45b18de1acf88ccc297877446e6a158bdfb60c9668a545b8b44f8f0cb071bf319f7e6f040fef7932d9acb2c5183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
256B

MD5
0d24939fda206b9503da5e37c1815e47

SHA1
13d58ccfa2f1825444850796ab4db5d8ce6da004

SHA256
e849fcc957e3832c3dfd9acd51c6985f606b17a815eac075bc6faf27e553fdb9

SHA512
7a8d036da5d1ca01cb375e5635c0d93f7cc397defcae3bbd715cda031399d15a6b26b555128705dcfc5afb9111fe6c98c6f475797b60051735901e2fee25873b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3dd8e27459e1de96347de53fb63f7213

SHA1
1af6130077822a280bb22d79ab2a674ac9c9acab

SHA256
1fb6d670239c2a3a8cf9a4a45eeec975148f4e4bfa0762dae0bef8c0067c837d

SHA512
75cca137cacfb1b296b497ae705de01efe94a31228b9637744ee48eae1f72dea26e580195facf75e4bb01f1eb42bebd909c66603bbc5f510c83f3a5f7f658ebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
2e4862d57f79aa74c1f892282bc60338

SHA1
58eefe6ea57c9e76f5d314b3157280aa5cdc71ad

SHA256
0927ffabd8c4b596ac352fc8ffd439c4de6926017f6613b9da272d1da55806bc

SHA512
85739d76cbd0f62446c83fcaf400b59a4f2c85e234a29c8bd0442c08b0e99216c76793da909f94fe9244898c50eb33b396fcd5d66b9b35c51a8447bd9c12685e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
450cfeba75efe7a4638c65ec16f4b66a

SHA1
59d3ccbfe1e5dff9358aee9f5274f5e790f8bd60

SHA256
b208064d027522c5043146c12e2bbf6523637b43295e991660440222423ef1ed

SHA512
7527e61d610e23c90c18d7d5e46d70b12f54b131f8cdd101c4d608ac096dc1711026f61f88225d425a9852959a58e73352a674299f7d881730691199b988ef26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a293ca4325b2a656c11f90ad6b4e7447

SHA1
1d2f129d8d6a9ef1a65d04e58ad1c9caa09eee5d

SHA256
3f183a9148a2e5a5b5d74b7872cc46fe2faadaf896b817996666c7fa01d9f342

SHA512
61c3e78f56b46abea63a7adffa675ff248b553c7744d5fb4c3b894c999e90eaa1d2f6d1cd1962d4949e0d3c0b35dc51d05df9c2f77e77e6740fe61654923dff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4d31e0fb264ce79085b2a58f33c333f0

SHA1
ce2fd4171593ba7fafcdb9ccfb2ac508307d09fa

SHA256
2407c77975d3f56fa94cc100e0e6eb0dc411b7958407fb1a404bed0f0baff51b

SHA512
9b730965efd1d52feb2746177f6329870063821ea37d2d0c79f563822257f12cf3240a1e83b812dea4dcf70fa1cf9f9c3dd0accc31c4d2533eae0902eff7f48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a425188e1a682a7c82d7a976a353d6fa

SHA1
40084c9d32a5a313df656a8ab7b60c45f5d7ef35

SHA256
8cde8d0c16d52ef2975a4c03db389996040bbe8c181a5943a5de9d0d61f58ea4

SHA512
4a517a1ae2eace26279a66e4f53c1c867faa2668a42b73c76aa94ec4ac9dd87a96ee8c678689d9bb9a2f6a0c1d599fe77f886ea645b4eadd0f28499584e6c327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8e5a96d459651f1f58b4b0519b00a13e

SHA1
feda060149178880207b8e2f9bcd05fd6318efce

SHA256
09cfd3c111634d021b513597dfafb8e554e5597d1b79abbe589e73405ea8e99f

SHA512
63f2714302d6d265a4a23fdc556ef12e86fbc13ca67a0e8dc116310dcebb658906a0064403498de387ad675676a057e693334e968b3841abcc00c3824b0ce036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d8bbebe8cab51ecbcf76c319bd2feb8

SHA1
24b499192adf75ad0349293000d08e40830c9c1f

SHA256
efccd18a7c8dafd8ff08b3e6c7654ed882e369870440106e84388460a10d04e7

SHA512
ab1e7be8be1a47d77fa4ecc30518e6ee31455072da7d30cc169fcd3b347b09802fe68d035bb5358de5e3c171586e2b398862dbfa2b817c01efda71e584011e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f2822437b9270653c584a070eb36f340

SHA1
48168e3b273bca5dc18885ec93b5f52e07813277

SHA256
ffb4e544f3a4afd300f435d9859bf2da2e9f945023c0673ecd9ff832dd2113e3

SHA512
daaae0c9f08ca27952d2af5bac01e5a7a988acc71e717c3cfd4cc12a4cba0d45542d3b359d5a6612527f1579c9e10a8e84c0ec306bd6173736cc8a73ee474faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
008b6f914c44200b8c91732def12cd01

SHA1
2296f58b96d1f3a92cc5911eaaf86023fabf3339

SHA256
6960582bdb95fea5f779846af68b802dc8bc0975aa2e497a78ed73bca14658cd

SHA512
c18bf9d0d3059e49fc2f6cc8c52d618f8c52ba76030e212f53d3f68a5c9d05cea6dda9309748f131afc43c6bfefb0b817b166f73c02a07d52e012853976124d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
10c19d2eb20a73265a7aea9eefe94bf9

SHA1
2dab21afe22258d12cf687ef44eb44fad8697cb4

SHA256
3498f9e29581a0ae607a19163b9b5f272a6335d0df5a13abb95d53a5b3907c90

SHA512
ab42d6cd1cb6bcbbefee397a63c4c93c3c90306a4be5531953cb03caa14d08bd3c72cc6241a90dd0522bfa6cc256e3d89868a76e02881865d64093441d2df48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4ca73a1b5d07de43396d5699f512c464

SHA1
433b46529d84e7f7ef7429260dfdb798d0ce086c

SHA256
bcc552c4952a807f519e8e20653360b60b5ba0efd6fa61a13ccf88f975ab7f9b

SHA512
8382d6c801180ee92cc79b1c59246424942d8b92b5bbf7a2c08daf2130b3d3ac9f3a57781085a9869fe611982268ecfd8a60f3375b098a00b47cc3f00790f7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
adf1c3488eccf5d0c8a73b040d3cab2e

SHA1
1a3f62d71df4d3427655fb44e5b7a51e9261e306

SHA256
543ab2e6d741a96476aa0f50d56a22357b3c16ebe3da8cfd5bf5a85eea86614e

SHA512
011cf74f46d7361fe0dbd30f071e9254871f7260c71ba9ffd35ef9cccf061fcb2e422edd5dfe2c1b0f4a8a9e24f12ff795964804f296065684874cf741070b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
beb803ef055a2cb29eb7361a562b353c

SHA1
ad2f578dbde5f8cb20178518267cc24fa10607f4

SHA256
4bda31cf6d29adb9ae240c4ef59e8ddc5de741a369a8ade374e6aecd4dc880ac

SHA512
6c1ba8446fa0c4595cbc371d74564930a8a62e276db28d24d62a2aa5239edbda791dd3aacfd1d1eadc82d6b5365463b7c3ba1b242d655511baaf9213052b0d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
00ded0c1c087a419d11e11b93e002ef2

SHA1
86f2653f9d454e1ff31e07bfdb7b55da1b6ce123

SHA256
c06a58483ee8269e47c503fab5793bb6f10b7b34d0f884ec2e69d0173c8337d0

SHA512
7a3cd43d667694c0f6e3b82b1b93696b143fa23c229b41770f98acd662a367dcbdd8c926362351adaa5594ba573c63060e0d69c5845bd4b1686b263ff5b909ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ff6e9ddfcbf5aae4676b67a090f426be

SHA1
0eb321424043c80bc5c6f971e0e18807b1eb55c1

SHA256
933250d6674e645d2c04a9d14d94d64fcf601d72da38fc4bba119d57986c9899

SHA512
649f1f4557cc6b694426ede90bcaf7a85f4c1658fb049364196c7f55dc274fdf38b143beba359223ea8a1c1cc9b7bcadc7a8f51f6950283cc3e9fae47d0da6ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0cf9612235b34b1d34e8006d439741c1

SHA1
9895aba2e62fc2c265439c8bbde07fe28ff6b5ef

SHA256
2770dd3bad561e13fc60f133879d06c5c3c8e741fe2866617e85f27029c3de5f

SHA512
a1a0e132dac639026131695897ab171ae1ef33bb4712584dd4b3f4d40391484efeb20e117860f6940249a9e5afc9733555b4a76409a0bd1a39b44a8f91747ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57db1e.TMP

Filesize
1KB

MD5
f1d41839aa7f71c0d0702ea46157e18f

SHA1
cb473e9eb615aee00e3992a825aa471612d2979a

SHA256
2702e3d9dd6b9803cd33e5cb27f34295641645777e9f70c651fccbd6dba7b145

SHA512
59db559bbf741f217cb3c92db097b100f28f97d1a67a5a782b5d6a7a79552e2c190df0e4b1c91a5472bd198e42e27cb313d39bb339caa5a71851cf23d57fe7fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
299038d2b4babd550b70aed67d46182d

SHA1
c2f9f9a3ecb9c863353404233c34fbef9eac94e7

SHA256
157850de12753b5e88e29b11b3372a906699fd9efba5889c321c550538a93c96

SHA512
baf9107e3a145a451ab48b25dfe7e5fbcd9e2570ebf4532de35d88dc395153167c688bfe4bd5f80b1e7f2504d4fdfdd4af02c9ad16333fc673d6d59ee43acd64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
0dd1e01fb8a974f3951452b652021da1

SHA1
9eaa199f7ccc640f0b3bab4bf11acbdde8aeb01d

SHA256
53339f9ee430d2278df90ee6906ede994537596b70d8bda1c0c09d14feaca90e

SHA512
0f4f343003905e4171b6a421c830afe9251506102f241ca34b6fb99722a47d8666dba14ce02f08ad341e23280f6d2b175cc6d3b8fba26c33174e856a3657f51f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
1.4MB

MD5
911036fbfda8ccf5edd9c6baa6e2bda4

SHA1
459d9b6deb7b66fe42c06c106beac332ddaeb3c8

SHA256
2fb1493cdb6f6ee61902233ae0147f678ee26da1f969401a8f931acaff330bbe

SHA512
6c4fb1c996b49803be2a1747bd66ccb1201294af52c05246d366658db914f016911858ae7da21fee06e1e21adcfafe06133f69f586001ffbff1dfb723ddaf92f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
21KB

MD5
f7299051c085e721f9e22781b9022263

SHA1
04013355e6de033101fc4b008ce15f037c9f84af

SHA256
2b3ea0368a5d749c8ac75ecb4f714631556dd4f6fd499a56b86f8120d31d1e77

SHA512
d51e7d609e9312b4859b17d4ddf518b5745a86decfede0b75bcb4fd5b2f286735cb52b84c018f208565c7604b0cc8696e4a2460d6d9348af860a9bd1351d3621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
1da9e79892aa1e8915aac85249688d24

SHA1
f24cdb320a9f1c98e41d94a80f2020565fed68a8

SHA256
5ea8de2f79de9e0340a163f767fa37206f7a97c5c36608da0b4c9dae9de405e6

SHA512
1120c66ea94caecb3a4c33e282b304e74a3cba7c2dba7ff7fade6370675af0bdb5af09e0a75c8bd970d1b5bf0da482ff06a4ea0fead507a4a5f077d30b3db0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
8759f5804935ac90842ddecd4549af54

SHA1
d3f95b6651ee644b676e8a9f42a7e1f8b25cae06

SHA256
ca04a5dae3e1d4f311d91d174f4a39f69aca6eea892f62a5472ba391219bd73f

SHA512
cdd7e372086431223353ae36d4be113fc84916eefa7dd77c35b51061d0fcb9a43991feab70171c65bd47a560b40a2cebcede90e9e31c2bdbd968c47f5c722027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
9f1fb132a21a37d1859cf939e3a0e687

SHA1
e22d25bd340547f0f8098765e2daf50ec5f9640a

SHA256
f5bea1c0636f7735038da7bcbe38f1838243e1cb7333e38b0b6c749ba952ccee

SHA512
6a4bbc1de2eb68a9c5e8fca3dd4b50fa5a245d512a88bab3ed70b01f2cc2ba4287b8ba2748980417df128089518cbd2b9bf4eccbe9c99150e7f8d7e3ed2b98f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
ec624096d3ec32fb385ad14957e62cb6

SHA1
f53fbb322ac0889e35144028e2293287a74cedb8

SHA256
44180179f9564ebbf4cf393055edfa4298031454f7b4904887133f395d20f8ba

SHA512
862f02c498a3bfa8476b087d3daf8b66e6842471aefe90c519b7c65f74c20f953990ba574724f97e143e1a9ef9888a1828fa41d8600850b6dc3b8d61ced26e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3d1d2bf803aa738a4fa704687d243fd6

SHA1
16e4f005dbfdcfe1f6a651807b09ec78dcecb276

SHA256
99f5f2919f491c5b0b91570a408479b142cdec8b631d2f49d38d691132808f2a

SHA512
b03e9d3a51f183e0e1f167a5b611a86a3e5120dd7aceeedd2c1564ab3a901e2ea119dadc23b976ce7b9f587303c547635d2f4eb7321dcec18b1ab209f338b45a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
ae35ca45c60d3c5045316e80ec3f1041

SHA1
ccf50d6df198b424d4d17268c013eb156ad9c743

SHA256
265080ce3bf073cfd0677034526da7515a1faf3adbe140eeda7364f247157086

SHA512
eb7f3b2199c7059e83ea31d50f75f6d58a6156d2f2aa47dd97ab866638cc75df86e1ec6a1b0b765755aadbbea2b8ec7feea18f69be3733d6e7a5f9866486b6c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
da209af41eea712229588a5cd1e2e622

SHA1
d76d7a352a6ade16ca9a36c6af5bc5c8dc3e932f

SHA256
50ab541bc4f70436906b4d00a2dfb8508ef19970c36116cae16ba7b68fae60de

SHA512
4747b9552db88411c5e8a93935545f53bd744b796b01a95ab2d8bc69a72b6495cc8e66b5fc4fbd70154e7d3130f966779324ae631c4e2388186d2316280aac33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9bc28ee64e1f8d627f64477b56965b30

SHA1
f993b4cff158e15f2c05e36f97b21fb3114396b3

SHA256
63504bbba0c86fbd520125b1459463174d27057d9c7d673263dec2d487754a17

SHA512
b6adcf9cf1c69ef4210889596882b7a31294ae5aa09629ddc10a2d71efdebfc87326cbf2477bc28f3584b298b51f7c7f39ca256dbb3a0c0ae52946d871748561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9e4727efd8095929e9db62aa0602f5f2

SHA1
8b5b56127d0db649a039a10895341fc2e4c72606

SHA256
e14b5ef144cce50992fb85080733bdfd1bcbd72afd0d5398ad18bbce151c423a

SHA512
fb3a9c7aba34e1c352bbbbc6fcb2feff200578c2da0ef477d58e84d72e8185bf373094b5110a5f025b7ca494297aa42bbb14e2cd4473f2e1279736e81baf7665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c95f6b7f01a63fbc292e49a2a72b8bed

SHA1
e67927b824a6839eded7ffab3098ef7263055303

SHA256
93859722b2fae90ce2cdae69aefc22a0a67d8c891811d67dfa90da31846642fd

SHA512
43caeed3dc35ec3966258bc7c61b05128fe16a4fcef75dca08dc9a51b8f12840a8c586bfc6dfa51069aec4379561ccf1c04df77aa7a8713f57ce8d87954f28ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
de402da07bb2d1e244c724a21150195d

SHA1
d4bba776a3a48fbecdaf54678e60c16a9ca898f3

SHA256
c4a39e63154a636495e983a5a43536d3e3ee02ae9ac1a948d840016e029ca2b2

SHA512
d5f4b72658efe7e990cb36e627e97c0126a67aa5e065813e1a7001adcecc15854ac4313215b766e06d31740271dd40d849c50f3e28ba087521a74be2197b2bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fc7d3c424eab87dd76224ed6f219ce05

SHA1
64c1bbfffb8617c240ee6962f42e5bcd0c063347

SHA256
b91b4f1f09bf5a7fb22b12db6192375e3a2e246c7cd3ac1662c4bb406cc68de1

SHA512
243fb1ee65912c3306b7ec3dbd6ed9081784221a1dd01c6aeb0ed6f9be60b6a91ff2a1a648b1eaa2ada6d40d1a16aa8ff31503217ef78c18a63cf1cff9391326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
37b728ca3d57d03cf0ada47e4ab15e17

SHA1
2d8c75f51c33189938abe46117fa53da53452e96

SHA256
fd4cb84d62e2b82a0e6e5cb96b5d58152a1392bdab52f6cf6f944d5f2bd639c4

SHA512
d1175190b1ebd96837e093ca127371d4ff7aac3e6e33c8d0e235fbfb90db2cd2d838685196b1adc60210b6db90a4a79bb5e32d3ab2a5b5603859fcffa50376bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0U69O7L5\errorPageStrings[1]

Filesize
4KB

MD5
d65ec06f21c379c87040b83cc1abac6b

SHA1
208d0a0bb775661758394be7e4afb18357e46c8b

SHA256
a1270e90cea31b46432ec44731bf4400d22b38eb2855326bf934fe8f1b169a4f

SHA512
8a166d26b49a5d95aea49bc649e5ea58786a2191f4d2adac6f5fbb7523940ce4482d6a2502aa870a931224f215cb2010a8c9b99a2c1820150e4d365cab28299e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4329235D\httpErrorPagesScripts[2]

Filesize
11KB

MD5
9234071287e637f85d721463c488704c

SHA1
cca09b1e0fba38ba29d3972ed8dcecefdef8c152

SHA256
65cc039890c7ceb927ce40f6f199d74e49b8058c3f8a6e22e8f916ad90ea8649

SHA512
87d691987e7a2f69ad8605f35f94241ab7e68ad4f55ad384f1f0d40dc59ffd1432c758123661ee39443d624c881b01dcd228a67afb8700fe5e66fc794a6c0384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\THHXO5RX\dnserrordiagoff[1]

Filesize
1KB

MD5
7e81a79f38695e467a49ee41dd24146d

SHA1
035e110c36bf3072525b05394f73d1ba54d0d316

SHA256
a705d1e0916a79b0d6e60c41a9ce301ed95b3fc00e927f940ab27061c208a536

SHA512
53c5f2f2b9ad8b555f9ae6644941cf2016108e803ea6ab2c7418e31e66874dea5a2bc04be0fa9766e7206617879520e730e9e3e0de136bae886c2e786082d622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYI0S376\NewErrorPageTemplate[1]

Filesize
1KB

MD5
dfeabde84792228093a5a270352395b6

SHA1
e41258c9576721025926326f76063c2305586f76

SHA256
77b138ab5d0a90ff04648c26addd5e414cc178165e3b54a4cb3739da0f58e075

SHA512
e256f603e67335151bb709294749794e2e3085f4063c623461a0b3decbcca8e620807b707ec9bcbe36dcd7d639c55753da0495be85b4ae5fb6bfc52ab4b284fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
e0757d5041bdd015dd5737ac46c3abf0

SHA1
5277905edf24cee3ea3ae7d0b852438608fafbb9

SHA256
4ecc805ed3a49e81a79604cdb9094fb215fa7ddaa9bd1ee504c8eaabb4030b93

SHA512
82af571712767c613940a76270de6ba712895c3c71c7712c3a51747d77339738c1f28101fb296cc7871d8bf1b08c26d1c8ac3e20e5769869c59d98627a0bec33

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\8709E8A0A3A140D3BA059C3A07420EF01DA5FB25

Filesize
32KB

MD5
d27f2ef256c26143c72277a4da5aa842

SHA1
e01b44e6278c2fe5a79328347ba0642e1bdc33d9

SHA256
ae9efc1afc85325f6b066996ff22cc2472a85dd3959fad5f4faec7e59eb79437

SHA512
01eb4eaaf2b5e3e21f0e72cbf747c586fcbd2ff0c7e85c03724d626cdc54a7d39273293cf98eabfa8eac48de57e504aad903b26d6d0789591fff611bfcc5ecd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
7KB

MD5
a2f875e0997cc8fa264a833cb1e7ea16

SHA1
4b73176c8c47137165867405777993912fc5d8f3

SHA256
f0abd29e1c80787c89cccca9db3d14c7c9a1785b501db4504098a000ad2106f2

SHA512
a61846ac19e8505db1760359e2699f811cd214593c60ce03964bf9f144813f21a6b4abfb27d82d8127dcda7e91a3253bb6e86fc910abdc4bd4aae705bd0f8c41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
15KB

MD5
e84c9b9e264f2725f18872329105c14e

SHA1
ff2db9e18b9eca6ff106a7921ffd7eef4889dd80

SHA256
7772ee2687f923d2e5ab4ee0a9465e6118cb4545e4aa44f7d853a47fd06b907f

SHA512
15e6b44b2040bccb6aaafc900fd15894fa7251d7ef51fd6250f71c39df453f7d2b94d69c21fbc3126adc394a4ab5a34663b76bfd45bc8c37e740126d87c476da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c935fdb6513936cccb9ab44d2b20ae93

SHA1
d36efa2089fa5420faeb8709015dcc309c27eca5

SHA256
0d96d320b15abb8d316132ebd3984046ffb43d5acf0efed3a3708abef2b67202

SHA512
df128dc34c7cfe40abcf040abe958e343582ed3a1a7c71d7e839df861c735e6eb35527163691ad2292d7e7bb0786c63031eebe8580c42c7d09c14035d5caefbd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
373c3e8c8542e6d2b5d6e8f6d2c15e0a

SHA1
3ab1dca936192edd6d7fa216b7d2c0cececbece5

SHA256
c44ab82a89b604c73d3ca23c7478ab6e5bd4929c3fe86c75134b8d603ab10a2b

SHA512
129382da0b6e71d9a0952d807801219027bab1497282b9565b4832c508b1a0d22df4612c07c51a4af8cf8012ef34975ef80e11d71f3922968d76a638340c05ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
983568dfab287e1e49291827f048541e

SHA1
abc785392b271da6de3ead46633f1ca720fa4369

SHA256
5c50061ccb8e6629cda324e058c182f69303ff8f1407d3e7d2afdca97de6d4eb

SHA512
d1d88985216d56dd2d31ed9b28283ce2546ed8d6785eb2b072b5b0cf8e5b5d36a5efe547e87babfcdd2712816022a9a94a2d8f85bb602827b44b6b27edd16576

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6786e33b00cf0618e1074d48e0980fd8

SHA1
6c3e0580bbe96ed9df4aeba1f503f91bcb3dab85

SHA256
1d6be4230c539a6db622e5c71e49dcfc385123d30eaa062c9ea592ed2fccc4c3

SHA512
e6ecd390ce659b7e949cfb5acdddd4d6e2add3f0b4432cad243704bc4216b4e21082e8259e9225cf78426b29298128364bd5ea140127e47133b6d2a8e7ca3a53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\1edb110d-dbe0-4591-b9b5-20943ccf4519

Filesize
982B

MD5
0526c79ef2ded1b059c284cf19cb0ed4

SHA1
00bb94d125ad7cf52dc44e300d8e32549b3ae508

SHA256
ea39738263e87bfbc4e561c5831e1342cb1f56e2338c0e3ed22d617994b05c99

SHA512
4bfda807328539bae9292f32a09fe5bb83df67f9501262fadeff6703dbb22a395f69b975a4187d77301d9dd4715e2612bd5c40bfade57090779e86c585838918

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\75159f65-ce11-49fc-9eaa-a2883792efc2

Filesize
28KB

MD5
889d2924b96efdee14ebc1241bd3a875

SHA1
a5cbf8e1b159f7d06f5d0bddf8cb3a9c25910508

SHA256
357f14dfece759a8778e3412e23e1c79467adfdd3c9f563897fbc2f93756cb55

SHA512
4bafc040cb93d01f312ca621d33535bc9db48380c2d5463bae381b65c24f7f8de24b40b7ece876bd15f7331b2d7231774df526a4015788dc73a97a23d21cd629

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\7874e480-891a-413f-8290-84244f49c8a5

Filesize
9KB

MD5
b69bef059f2c0794e866ad1f3a70afdd

SHA1
4a0f58c8e09c0920da0fb02d1ffe0a87ef3080e7

SHA256
c9b46a01ef5514d15f99090bd939374bd2505e023119c5fce94c392608714f60

SHA512
9b97c026fabc473f28c7e6a233cd441f09109d60db4911aa074baea0b333e655f0cc3ac8493e7e6058b826cdeeff0e6ddaab101717355e17be4d4e716740aa74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\cabcd6b8-ef1e-4b64-b9f3-e96c4533f259

Filesize
671B

MD5
66263c493ff4aa4e378e4f0d779119dc

SHA1
1af6bc841b00557c724cb25fcb52eb559deb6747

SHA256
0079328f4416d0e24d95800fb2fbb67ae8bfe69532ec8f3b5ed6faa9a1fcf31e

SHA512
389c1f64f93b988309f5a885556a08d31a9d23471055aa9ad106c4b28361d3fdaf3711cea020a4226c37883c30a446124d6f8d7ded98c8c073141f6c31774d96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

Filesize
11KB

MD5
1f670761a19320657d9c7c9965d6ec02

SHA1
0bb4519719373a8eec0a1d0b970a3524a6624ded

SHA256
c2971166b1729a7b3bbd47b9ba202bb338722ecabf5ce2b457376dcbf79dc9da

SHA512
70f7c14fe7f0ee4e86c35150854c7ed7b23e63b5abeb016a0acb37d40702fa756f1669f13581d9365dba546e473f28ee271a2481e5203bb286acef8ccc2cf347

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

Filesize
11KB

MD5
a855f4daea3bf124dfd44dc346fe0cfa

SHA1
598bee4d022618e049a8364e32266d7c318df369

SHA256
0e175a262d540093f6bdfaee6269bc28bb080fcc6545bb978df0c2a3fb1682ee

SHA512
f5c82fa7930f8b883006203468f493a2fe9f3413e14af4eda3470aa5474b7977db2f5143253a25225fc49eca7d7a76060637ea0425643c0bd2526209f0db72d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js

Filesize
11KB

MD5
92a069a3b48709f6e1541f098b82fa3a

SHA1
cff03f6c0c78c9f3d065bb6cff825b931b6854a4

SHA256
0fd1999cfcc285d44e052bc46bb5a855003c2978f0851425f6df7abfe5016669

SHA512
9495926fdf9b10f93fa205aa95f42468fab1ba5e98102d5d4ab8cf57b55edb8ccae2fc174e0efa223c972fe13c3b81260f9809908bfe9dcbcbce4e39fdd2bd26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
4298829ccbca9f449660030c620adbcf

SHA1
772f6d17541c12167348f456e0d3d35b415e9d97

SHA256
e1aea552cf11189489ceb3cf8edb27995fbcf154c86bf640251def03018b1d22

SHA512
b979d53ba1bcc4903bd023a84aec4d784dc9106b8003818d6d7f41b1af810f4be66e1e60112efb452991b31e3aa5c75d8627eb83da39b99fae998e139b87952c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
d0f2595fd3122ef90ee9f7c89ce97837

SHA1
73e8a13b54867684aae03688f826821f80a28467

SHA256
7b7ec42a0be6e5580d3c54538eda5ecc677f7fe55e68f97dba24fbfd456daf45

SHA512
8e3d31b2d00ab7fae639babe8c316f1c5eb54991cfddee011547b01fefbdb7ca6486b519a7f73d1e777b91830e191c5d5086152e17b432681df7192643f2c9cc

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 294952.crdownload

Filesize
36KB

MD5
730c73d003d05fd0d3538d6e5ea45252

SHA1
61f5d28b343765cdae7cdbf4f8018ff96bb6b5db

SHA256
c01597b3a56dc98c7e71106e366d9c2c6e18ab0c8888ac7367bac6e4e71f3442

SHA512
906f2ea34a3d3550cb2b06c39e8c6eb7ded374d7f3f84988679229f2f59f2319f7dd00d508cf1ddfd55b96e56ace34f005c494eb2831cdded928f7fb701c452e

Download Submit
C:\Windows\Installer\MSIFA3A.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\e58f9cc.msi

Filesize
34.7MB

MD5
488b1c3be9dc419e7357aae1839b23af

SHA1
aadf4a443dcdcc07dedf718b5a901f0f59891705

SHA256
76d60c6338d9d68eba16a7e6c2faec9ded0fda7bbd4d103a17b064592e808b7e

SHA512
28d37ac23f1155cd19b70c4d1cf7155ef96c344c3039550a3d25be0c41a624e69587af6193a1496dcfd75e17a3ba4e19d3f79105ab23df8fb825fe32082c4e6d

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.7MB

MD5
558d5c4a96997b1cb763981747b2dca7

SHA1
ec8cf54a44223c7a1c8b7f6e11a0a13e4aaba548

SHA256
643df75683ff614007cfd074c78ca978c040b370da864fefa0aeb42a5561ad33

SHA512
edede62803853201d762953b1cbf1b1db2bacac51bb535184f5809bcadbc817e11b4959459deebabee3231201e7c495a0ae7c0deffaf3158fc5ecaccc9c64430

Download Submit
\??\Volume{f1c9ec80-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{94d47cd4-37f0-4118-8763-063281e4cf88}_OnDiskSnapshotProp

Filesize
6KB

MD5
5ce8b8965035651e7fdb1296af647c12

SHA1
414c1f77f271d684a96f688515cc2b25af7432a7

SHA256
c82fa131a7e45c8946b6d96697ef0c1222785772a6222f0c81f3c53c47c7882d

SHA512
0f0effecfebf88d452f8f8ae1d2d2781c742d0fa41e9bba5d1594ec6a784d2d6304cb111cc19c08e83ab5a33cdf177ba6e3a60c39c91185e1eee5b8f04753d3c

Download Submit
memory/3404-643-0x000001CAFDE60000-0x000001CAFDE61000-memory.dmp

Filesize
4KB

Download
memory/3404-645-0x000001CAFDE60000-0x000001CAFDE61000-memory.dmp

Filesize
4KB

Download
memory/3404-647-0x000001CAFDE60000-0x000001CAFDE61000-memory.dmp

Filesize
4KB

Download
memory/3404-641-0x000001CAFDE60000-0x000001CAFDE61000-memory.dmp

Filesize
4KB

Download
memory/3404-642-0x000001CAFDE60000-0x000001CAFDE61000-memory.dmp

Filesize
4KB

Download
memory/3404-646-0x000001CAFDE60000-0x000001CAFDE61000-memory.dmp

Filesize
4KB

Download
memory/3404-636-0x000001CAFDE60000-0x000001CAFDE61000-memory.dmp

Filesize
4KB

Download
memory/3404-637-0x000001CAFDE60000-0x000001CAFDE61000-memory.dmp

Filesize
4KB

Download
memory/3404-635-0x000001CAFDE60000-0x000001CAFDE61000-memory.dmp

Filesize
4KB

Download
memory/3404-644-0x000001CAFDE60000-0x000001CAFDE61000-memory.dmp

Filesize
4KB

Download
memory/4928-2683-0x0000000004DB0000-0x0000000004DBA000-memory.dmp

Filesize
40KB

Download
memory/4928-2682-0x0000000004CF0000-0x0000000004D82000-memory.dmp

Filesize
584KB

Download
memory/4928-2681-0x00000000053B0000-0x0000000005954000-memory.dmp

Filesize
5.6MB

Download
memory/4928-2680-0x0000000000310000-0x000000000031E000-memory.dmp

Filesize
56KB

Download
memory/5840-2837-0x000001FC839F0000-0x000001FC839F1000-memory.dmp

Filesize
4KB

Download
memory/5840-2836-0x000001FC839F0000-0x000001FC839F1000-memory.dmp

Filesize
4KB

Download
memory/5840-2835-0x000001FC839F0000-0x000001FC839F1000-memory.dmp

Filesize
4KB

Download
memory/5840-2839-0x000001FC839F0000-0x000001FC839F1000-memory.dmp

Filesize
4KB

Download
memory/5840-2840-0x000001FC839F0000-0x000001FC839F1000-memory.dmp

Filesize
4KB

Download
memory/5840-2841-0x000001FC839F0000-0x000001FC839F1000-memory.dmp

Filesize
4KB

Download
memory/5840-2842-0x000001FC839F0000-0x000001FC839F1000-memory.dmp

Filesize
4KB

Download
memory/5840-2843-0x000001FC839F0000-0x000001FC839F1000-memory.dmp

Filesize
4KB

Download
memory/5840-2844-0x000001FC839F0000-0x000001FC839F1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads