faca9623e7841c5634c17b56fa17d50a3c86eb9d2302b418563e3d26601343d3

Analysis

max time kernel
1798s
max time network
1801s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

_five-nuker-contents-dir/api-ms-win-crt-filesystem-l1-1-0.dll
Size

16KB
MD5

4c1a59a3effe3d39045c2536a686f96b
SHA1

7209e1cd70421df2015c92fc438848c71e29c116
SHA256

c3d0afba3b4fb2398dee617d79e07284df6fe6fd916a3fb12f99c1e81e815abd
SHA512

17af0aba042d1c0082bc73e4ae1d62db841c7cc205ea46878c3ff82a50a5db9ff81c913bc5d245857be1546ee74678baa9d5f53989c32cd6a1bcc395a8b08fae
SSDEEP

384:c481nWm5C0W2hW7ZSf+VIYi+vCqAM+o/8E9VF0Nymob:rOnWm5Coj/Yi+FAMxkEbb

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Windows directory 57 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Memz Clean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe

Checks SCSI registry key(s) 3 TTPs 20 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675461992960210"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{62978EC6-3887-4317-929B-A72A3C3657B9}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{0DACC8FC-9F1E-4925-BE89-EFF524997C85}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{60B1F00D-341D-4065-B295-DED3D794F3BF}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874385"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "5"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{6C80A190-55CE-4A7B-987F-6FEC65721F2D}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{DD2AAA15-8BE1-4A4D-85F3-12CF0F451A65}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 433458.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\Downloads\Unconfirmed 433458.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4768	vlc.exe
5592	explorer.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3808	chrome.exe
3808	chrome.exe
6020	chrome.exe
6020	chrome.exe
6020	chrome.exe
6020	chrome.exe
2676	chrome.exe
2676	chrome.exe
6392	msedge.exe
6392	msedge.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4768	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
2072	msedge.exe
2072	msedge.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe
6652	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1772	firefox.exe
Token: SeDebugPrivilege	1772	firefox.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5332	OpenWith.exe
4768	vlc.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
6776	OpenWith.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5644	mmc.exe
5408	mmc.exe
5408	mmc.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 1772	3456	firefox.exe	107
PID 3456 wrote to memory of 1772	3456	firefox.exe	107
PID 3456 wrote to memory of 1772	3456	firefox.exe	107
PID 3456 wrote to memory of 1772	3456	firefox.exe	107
PID 3456 wrote to memory of 1772	3456	firefox.exe	107
PID 3456 wrote to memory of 1772	3456	firefox.exe	107
PID 3456 wrote to memory of 1772	3456	firefox.exe	107
PID 3456 wrote to memory of 1772	3456	firefox.exe	107
PID 3456 wrote to memory of 1772	3456	firefox.exe	107
PID 3456 wrote to memory of 1772	3456	firefox.exe	107
PID 3456 wrote to memory of 1772	3456	firefox.exe	107
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 3596	1772	firefox.exe	108
PID 1772 wrote to memory of 1548	1772	firefox.exe	109
PID 1772 wrote to memory of 1548	1772	firefox.exe	109
PID 1772 wrote to memory of 1548	1772	firefox.exe	109
PID 1772 wrote to memory of 1548	1772	firefox.exe	109
PID 1772 wrote to memory of 1548	1772	firefox.exe	109
PID 1772 wrote to memory of 1548	1772	firefox.exe	109
PID 1772 wrote to memory of 1548	1772	firefox.exe	109
PID 1772 wrote to memory of 1548	1772	firefox.exe	109

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\_five-nuker-contents-dir\api-ms-win-crt-filesystem-l1-1-0.dll,#1
1⤵
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4616,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=1008 /prefetch:8
1⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3816,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:8
1⤵
PID:4892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7161c3f-f24f-4df0-97c2-e13fea89656d} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" gpu
    3⤵
    PID:3596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66826edf-ec9d-4838-8d80-33de7cd5d8e8} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" socket
    3⤵
    PID:1548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3024 -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 2956 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {257b07a2-1568-4062-9bed-d45520692bc9} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" tab
    3⤵
    PID:3068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4224 -childID 2 -isForBrowser -prefsHandle 4216 -prefMapHandle 4212 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e79f9ca-b049-479c-8c5b-b55e9d6a61f2} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" tab
    3⤵
    PID:1616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4904 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4896 -prefMapHandle 4892 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91e06446-80fe-4aab-a4e3-d6710efdf7d5} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" utility
    3⤵
    - Checks processor information in registry
    PID:3648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 3640 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa54714e-4089-4c44-91af-34d60cfefd3b} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" tab
    3⤵
    PID:4148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 4 -isForBrowser -prefsHandle 5184 -prefMapHandle 5152 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80ff4ac3-0d9c-4865-96c1-6a92ea8f0965} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" tab
    3⤵
    PID:4580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 5 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae1491db-4bbf-454b-bc82-6b8d8cd06daa} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" tab
    3⤵
    PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3720 -childID 6 -isForBrowser -prefsHandle 3716 -prefMapHandle 4344 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1514fc96-e733-4276-b519-8fb0932602b6} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" tab
    3⤵
    PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7ff89248cc40,0x7ff89248cc4c,0x7ff89248cc58
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3440,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4764,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3484,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3512,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4184,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3760,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4632,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3536,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3364,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5240,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5336,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5564,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3420,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3224,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5356,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5444,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5424,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5408,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3588,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5432,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5300,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5308,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5732,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5508,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3596,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5772,i,6081911859383889797,10113444692225603019,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:6020

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3864

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5572

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x51c
1⤵
PID:2960

C:\Users\Admin\Desktop\MEMZ-Clean--main\Memz Clean.exe
"C:\Users\Admin\Desktop\MEMZ-Clean--main\Memz Clean.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
  2⤵
  PID:6892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
  2⤵
  PID:7124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
  2⤵
  PID:6520
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
  2⤵
  PID:6696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
  2⤵
  PID:4860
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
  2⤵
  PID:1864
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5644
- - C:\Windows\system32\mmc.exe
    "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Suspicious use of SetWindowsHookEx
    PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
  2⤵
  PID:5896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=3592,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:1
1⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4304,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:1
1⤵
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5360,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=3752 /prefetch:8
1⤵
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5316,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
1⤵
PID:6084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5320,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:1
1⤵
PID:2320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6064,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:1
1⤵
PID:5840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5956,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:1
1⤵
PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6308,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6380 /prefetch:1
1⤵
PID:6112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5340,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:8
1⤵
PID:5660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6228,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:1
1⤵
PID:768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6248,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6632 /prefetch:1
1⤵
PID:5392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6384,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6292 /prefetch:8
1⤵
PID:6020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=6468,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:1
1⤵
PID:6076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=6628,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:1
1⤵
PID:4180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=6400,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:1
1⤵
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=6360,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:1
1⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6412,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:8
1⤵
PID:6020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=6912,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:1
1⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=6528,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:1
1⤵
PID:332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7ff88babd198,0x7ff88babd1a4,0x7ff88babd1b0
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2280,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1912,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2304,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4472,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4472,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4932,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4952,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5372,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=5640,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=5672,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=6188,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=6116,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4988,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6176,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6976,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6984,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=7276,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7108,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=6424 /prefetch:8
  2⤵
  PID:6280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=7220,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --field-trial-handle=6908,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:8
  2⤵
  PID:6996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6948,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:8
  2⤵
  - Modifies registry class
  PID:7004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7528,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:7116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5452,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:7124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=7512,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=7200,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3196,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:6320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6996,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:6912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7680,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:6248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --field-trial-handle=7544,i,10275936889053511594,16633520365796872527,262144 --variations-seed-version --mojo-platform-channel-handle=7552 /prefetch:8
  2⤵
  PID:7112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:2072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ff88babd198,0x7ff88babd1a4,0x7ff88babd1b0
    3⤵
    PID:6644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2300,i,804978601224740691,4387779106997314418,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:2
    3⤵
    PID:6736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1944,i,804978601224740691,4387779106997314418,262144 --variations-seed-version --mojo-platform-channel-handle=3304 /prefetch:3
    3⤵
    PID:6968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2324,i,804978601224740691,4387779106997314418,262144 --variations-seed-version --mojo-platform-channel-handle=3420 /prefetch:8
    3⤵
    PID:7088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4468,i,804978601224740691,4387779106997314418,262144 --variations-seed-version --mojo-platform-channel-handle=4516 /prefetch:1
    3⤵
    PID:5836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=4472,i,804978601224740691,4387779106997314418,262144 --variations-seed-version --mojo-platform-channel-handle=4716 /prefetch:1
    3⤵
    PID:5592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=4988,i,804978601224740691,4387779106997314418,262144 --variations-seed-version --mojo-platform-channel-handle=5056 /prefetch:8
    3⤵
    PID:6320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=5036,i,804978601224740691,4387779106997314418,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:8
    3⤵
    PID:6316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - NTFS ADS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:6652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ff88babd198,0x7ff88babd1a4,0x7ff88babd1b0
      4⤵
      PID:3748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2244,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
      4⤵
      PID:6508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1960,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=2968 /prefetch:3
      4⤵
      PID:7100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2228,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=1696 /prefetch:8
      4⤵
      PID:6988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4448,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:8
      4⤵
      PID:1332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4448,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:8
      4⤵
      PID:2900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4708,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:1
      4⤵
      PID:4416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=5040,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=5084 /prefetch:8
      4⤵
      PID:6772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=4676,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8
      4⤵
      PID:6952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4476,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:1
      4⤵
      PID:4632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5484,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=4540 /prefetch:1
      4⤵
      PID:936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5656,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:1
      4⤵
      PID:620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4704,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=4524 /prefetch:1
      4⤵
      PID:4532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6192,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6204 /prefetch:1
      4⤵
      PID:6616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=5828,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:8
      4⤵
      PID:5644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6100,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:8
      4⤵
      PID:5812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3740,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
      4⤵
      PID:3720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --field-trial-handle=6376,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:8
      4⤵
      PID:1868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6468,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:1
      4⤵
      PID:3784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6576,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6648 /prefetch:1
      4⤵
      PID:6580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=1632,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:1
      4⤵
      PID:6648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6916,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:1
      4⤵
      PID:920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6636,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6648 /prefetch:1
      4⤵
      PID:6448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6904,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:1
      4⤵
      PID:7136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6920,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:8
      4⤵
      PID:4956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7092,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:1
      4⤵
      PID:4836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5832,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:1
      4⤵
      PID:6964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6340,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=7396 /prefetch:1
      4⤵
      PID:972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=7352,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=7004 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3780,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:1
      4⤵
      PID:3048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7032,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=4208 /prefetch:1
      4⤵
      PID:6772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6308,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:1
      4⤵
      PID:768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5316,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:1
      4⤵
      PID:4828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=5296,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:8
      4⤵
      PID:6816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6948,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:1
      4⤵
      PID:6600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7176,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=7632 /prefetch:1
      4⤵
      PID:7084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4632,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=7716 /prefetch:8
      4⤵
      PID:3632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7180,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:1
      4⤵
      PID:1944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7492,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:1
      4⤵
      PID:4876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=5304,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=7300 /prefetch:1
      4⤵
      PID:3700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6892,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=7400 /prefetch:1
      4⤵
      PID:1592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --field-trial-handle=7908,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=6832 /prefetch:8
      4⤵
      PID:6380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=7616,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=7816 /prefetch:8
      4⤵
      Modifies registry class
      PID:5720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7248,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=7228 /prefetch:1
      4⤵
      PID:7104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8120,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=8144 /prefetch:1
      4⤵
      PID:6308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8172,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=8088 /prefetch:1
      4⤵
      PID:5800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --field-trial-handle=7580,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=8148 /prefetch:8
      4⤵
      PID:1212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=7216,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=8404 /prefetch:1
      4⤵
      PID:5604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=8388,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=8396 /prefetch:8
      4⤵
      PID:5076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=8424,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=8796 /prefetch:8
      4⤵
      PID:5280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=6208,i,5186895473906725854,5263718731531602447,262144 --variations-seed-version --mojo-platform-channel-handle=8420 /prefetch:8
      4⤵
      PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:768

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5332

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\AddBackup.au"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:6668

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:6940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff89248cc40,0x7ff89248cc4c,0x7ff89248cc58
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2080,i,12569976292876534323,15876019918511997877,262144 --variations-seed-version=20240807-050119.407000 --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,12569976292876534323,15876019918511997877,262144 --variations-seed-version=20240807-050119.407000 --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:6904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2092,i,12569976292876534323,15876019918511997877,262144 --variations-seed-version=20240807-050119.407000 --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,12569976292876534323,15876019918511997877,262144 --variations-seed-version=20240807-050119.407000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,12569976292876534323,15876019918511997877,262144 --variations-seed-version=20240807-050119.407000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:6620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,12569976292876534323,15876019918511997877,262144 --variations-seed-version=20240807-050119.407000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,12569976292876534323,15876019918511997877,262144 --variations-seed-version=20240807-050119.407000 --mojo-platform-channel-handle=4404 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4488,i,12569976292876534323,15876019918511997877,262144 --variations-seed-version=20240807-050119.407000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4536,i,12569976292876534323,15876019918511997877,262144 --variations-seed-version=20240807-050119.407000 --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3716

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3088

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5552

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:5592

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:6664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4fd2e1e0ee89ab2efcf64b13813dfb57

SHA1
f1469469ac1884f002fbe3cba1d8be88cfdf39af

SHA256
b94064c9e6abef05638da45947d0760325acfec963626406aa73bdeb3f3e77a6

SHA512
f28e540f5e356191f33a7e5cb091d9e6fcafac73a94e87d6b96823ff9cd8d914ed319cb3ad1ea76a5e788b7637826b6b5fa6b3a6c96f24353c0c44f9ce0b00cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
167KB

MD5
fc9a70ad8b27634419cccbf99a639a55

SHA1
f042fd9a89acb1e7149bad00f7318196cb292f28

SHA256
f4f573c3d9c467763ae0ddf368246c8459f25c7b8951446c31dafa3e728002a7

SHA512
977df2535c779eda1c2eabd498067f93ae1d14777b7f5c90ead4ee9d28c3d30b718679d31bfc2e95854ca56c5085c078fd6f87221a56dba3a09d476464dd6843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
41KB

MD5
00d4cc262b70dd3d386111ff78fb0812

SHA1
628d4dcee1e82d04ab3969c29e256cef10101407

SHA256
956916ddd6bb5ebde0f5df3605a524d1624ea335cdc6bd5bf26681d3a5ac5239

SHA512
12f3cf77c4ee58eb00b08ced394d35e35237da4bc9ca62b1408c6dca4350068aa94d3a0e98132aa0e6cbcbdb7dee9c2b9c5399ba7c4780442200ad37a4c2b1a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
27KB

MD5
09ac9c9a95dde9d928585489b55a7a53

SHA1
a0930234469184cebbc08e399bc4d7ad9003b2a0

SHA256
a2b2e70072c91efc39fce757a94ccb51cb7de56c2e2accc7501947ef0509a612

SHA512
0b6d68f9b28439a56bd0fdbd391f8107023117e985a7087dee483e7dcb998897db2e7ec4cdbd551f6546ec648c2c1b8a4345562f9640bcad14fbedaf2730551a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
37KB

MD5
a2ade5db01e80467e87b512193e46838

SHA1
40b35ee60d5d0388a097f53a1d39261e4e94616d

SHA256
154a7cfc19fb8827601d1f8eda3788b74e2018c96779884b13da73f6b1853a15

SHA512
1c728558e68ed5c0a7d19d8f264ad3e3c83b173b3e3cd5f53f5f3b216ed243a16944dbe6b2159cfe40ee4a3813ca95a834f162073a296b72bbdedc15546be8f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
21KB

MD5
a6d2a865e9f16ea305950181afef4fcf

SHA1
082145d33593f3a47d29c552276c88cf51beae8e

SHA256
2e5d94863281987de0afa1cfd58c86fde38fd3677c695268585161bc2d0448a2

SHA512
6aa871d6b2b0d1af0bda0297d164e2d685bc53f09983e5a4e1205f4eb972a2017323c99c3cc627c3fb01381b66816e570f61d013d3775cddad285ac1b604cdc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
37KB

MD5
da4c2d9295fbab7844d4f29079dbb8d5

SHA1
2e214261c9f3394badf103af57a2b9bd6f89a68c

SHA256
b2f523dc352a436652fdfa66e899f589653015929b1add2da64eeb9650a7febd

SHA512
83a66de2c3593c960f5e7567f8c315f983245334f63bda67c7490570753bce7e865a1f752d15a5b6f795fb4cc4aa2a122ce6bcfb86bf3e116f00df7a558a92c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
20KB

MD5
c4b8e9bc1769a58f5265bbe40f7785ef

SHA1
07ff14df16d4b882361e1a0be6c2f10711ddce50

SHA256
2786986a3139e9722e667f81b4902609a4cf458e1c16206cd11feceee0254192

SHA512
a39157460b523ee2b9e1eacccf7aed99ff002767a8f87287c1c4662b6711b97f7d4955df64a86a882417fe71e598719e3934e14f787c1e6b3348c8a4c813e3ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
17KB

MD5
109a8cceba33695698297e575e56bfad

SHA1
2b8c6dce1ccd21a6eea2dd9aef2a8a6bde389053

SHA256
dd82d9ac034f0a06524fc1d5ef884c29a7e4d586a1e7db66e339dc54fac3636d

SHA512
6d51ed30c45560838df921212370a0044640a8e3c0433922106225cb6fec8cc115ac6191c753da13def21c4e0db4deb5782fb7a75ada822ced1db7c7d13beaf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
57KB

MD5
919d13ecf08e3da7e9f337e7b60d6dec

SHA1
3d9bd4aa100f69cf46ad175259edd6ce9864830c

SHA256
9d4575044d2efd5e90503beda65571b5158a3f32d999191ac1f82d1a5ee62ad0

SHA512
98d8236ed1c44826b4489b9fb7b76c62502a032547374446c53dcf2eee2f5fe3548c6587fce66df9d075294bc2ab6be97c3cb21457bc899451ebd3b476715985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
19KB

MD5
f5b631335f170065edf1b148e10b34d4

SHA1
ca34f82af577fec763ed38f0436d20f1cf766f62

SHA256
99be964ed51ca453ccfaa264a1ea9490da11e32b53765919172b6d3749a9f846

SHA512
c66791cbdc7c0d12e7295eb26eb583b26e03692c8986ab7d5dac0e6a561b8b68a8a9e33814121efc700ff6b472aa4f685162b0c75439b144f12286c9e28c7cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
137KB

MD5
a336ad7a2818eb9c1d9b7d0f4cc7d456

SHA1
d5280cb38af2010e0860b7884a23de0484d18f62

SHA256
83bdfb7d266fd8436312f6145c1707ddf0fb060825527acfe364c5db859887a3

SHA512
fa69455b3bfc162ab86a12332fe13322dfd8749be456779c93a6ab93e1d628e246a31a0a55cdba0c45adb3085acd62ba0a094b2115529d70cb9f693f3b1da327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
23KB

MD5
bd96190c3723c6828cc6601ee39d46d4

SHA1
8ec0068e12d9f113b01d6077cf634f19079cbf53

SHA256
ed8fd1c5a4f0e11544b694ca505105c2a8fb4b643b41bae87b2b4f1ba14f8d1f

SHA512
7c649fdad52f9fe2bf76af6249b3d7de40ccdde73618c5b929fb16fe32e51873f7a73734e64b54e918a31d42d6430128c8801787e4ff5ee89fd9265ba9875dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f3de8e94f4194ebe8e8f5e5c40a6e919

SHA1
fbe5740ff38dfe8759deedcbebb695a2ef9a8868

SHA256
f8b841605b8a9b303c3d36de78bb4f10c65d7a038869b06a6b3e6970517067c0

SHA512
84c41b387d836a51c04ea445e493c73aae89680b685664e80f2a3d2a57b673b50e64848de96daa6a352de0b89a1e0d8d91f1944a88f5882a68590a9ce783b5b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
0d37d7a46bfe00b3d0b85d3f07e8195e

SHA1
af52103825f070749e7e113c01bd37aa3b24f5ef

SHA256
b180d9c8f21876ab56ec0f318a89a10f2a253767fe666809871c925219921191

SHA512
2775b0b79949e6ecbdcec6a43eb671310a49613c3c44ace675c91381d512f6bd136ee340589186efb942b811baa6618c08066ed6a4dcbf58bf338516f4085893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
9673b852cd2a7e43516631f423b69c04

SHA1
675bd06af2456f1b18506b029b0f74fceac79162

SHA256
5acf3f701c8f43a6583e671cb6f10fb98304d737496139a043ba45996bcd142b

SHA512
03973f98cd09582ecadad5fdcf77e725f840339572fd99aab90a7289c7c01627f800735bf5577d74d38eb7ce85e532b7344fa618cc7147a1f8766e625cb51022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
3df0439671922df5e59fe37f2aa52b6d

SHA1
08d6291fa1ff3022e0df4719d0b4eaf89e720bde

SHA256
90794c54875ff48d8a6d6a686078d543eb54f270e90c2e62b651452649a88314

SHA512
61bd7fcab5ed0e585ff792815f8b2d2db7f9dbae90f37fe52fda967e53ff963d135897e195c769928b543c650ee517552d85f41eebf0fdf36f9e2481abedd433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
9ae3218376bf9a5d050c3161b7732bef

SHA1
b54c314920a93bfa1d9e0618169bf3aef6a5ad82

SHA256
680be884328e42103b6e5e350e6c337edcc3057c480bcb566d527958cb8440b2

SHA512
ad63647bcdb2665e197f13dd79a82d3047da61e03898cc8eb430c3c6bc65ad382375834259cc9c9bf98fa4c25b020be83075bdce8a7ed58b82d97bbc5427a425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
270444f6fc835659524cbd40f764c0c2

SHA1
b985a1e92f4b7eb4bad5bce04cca697b53965ddc

SHA256
1700f82fa9a2534a81530901616333d8a7e199505e4430f5639879f86579394d

SHA512
57b205386271b882bde061e8311cf7f01827f0d6fc38d6b1ef5395de4ce608dce87f10e5098e02e5b82d9a8a4359e25054714d8edb1aefb195d1830e83efa952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a58eb3e48e2b09740422d65911f5d87f

SHA1
29e4147a1cf7b5151e8181ed3200ed543e855f7a

SHA256
cf8a01c085528b7578bc323c667c384cd77ad9d475717de19b9b035661363dad

SHA512
75ff829d6f584a0a2ecc5a0275740896effa1b89901cf7245009211bd322a6ce13e9ef257a6c5c6fc34b5abd44921e25b76412100a6e247785e45f9cbf284e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c6e9011b3494b6c812528db9864f4993

SHA1
16d767168828b963ab4a42f5952772e59305582b

SHA256
e6d8b625831f2ac997480c7e6b55de8bf832a0d1102a68ba41f1c96e219a0979

SHA512
2e8a1c15022aa04b39c86313d6bb6c28e7fcad52e6afff3b70a72d17e19119632291d21a1e7e42a1aa87f8b6320dc4725c826a2901d69e67263be0b6e6029a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
e4fa1fa81cfcc95fdb99b41b2ab480d0

SHA1
a7add994b4c217d47e313e7da85feb3ede93a19e

SHA256
19642bbe82c42c31fcc20fb13d39890c253e9ecaa41f6bec0224c3239cae8d29

SHA512
23e071fb1441e2d22f7389ea33d94eae71ed62f25528f5c2680e6a6acbd406b25bcbd0be14a5bbe12c5eb5f4ef0cf69f3bca3645d04ee35b447229934fbd57e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
528897b0243e70c56bf83886bbe5e806

SHA1
dcbbe87ede1a3353466cd2580c34cd470075c33a

SHA256
80dd38b13d0ed64ffc13ac10dbaed6884d4537362ad2d26e16313130d714f5a3

SHA512
fb4ab3bc335dbd4d08cef258d5bafb457a99e1dfcf2bb5523f0651d9be4d3848dd9e2d7ae414ca072f59431bab204d962ba06e2c83f81f4d19ebdc18893d0325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0f2f7107aab5aeaeb25aed2e6774e653

SHA1
83b71cc45692b1666dba245d2fd3d71f83de549d

SHA256
9b06566d053dd0a1f6f09a9022053e9df3cf4ed409d1418c2c0228877d1c8fec

SHA512
b13f79a8366d81644207f6b7cd9614afc3fef621fe20143b3566ffb619e82f03bb33c8c728188b2e4feb93de6d67c9e4e44fc20c12831df2679f7785e24fc814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6d57a58c05de9542f5abf004c0b5b3f2

SHA1
ed3911755c41b46a1c351057e89fc2ffd842b740

SHA256
311a6b228add3a635dbbf09e409fdeba656618f280e93183096833e4a6488501

SHA512
9c3f61df36cbea39513569dd14a920a51e3595a13493ad59f92f2ba7c67a0a9f7c108e0be9b790e14a742307f19fcb5e43ad021d07e2f20cf0cc161412ae2ef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5960ce61fb4dfd219d53b71852182743

SHA1
ed1027e156631751224fc35986e632ad8d7f78be

SHA256
ef44f3e39b7e25de29994f9fe5cfa4994aea9a24c97cc9f4ddc32d8a7ab51709

SHA512
16738c9c3bf407b353fc473338b02abf876fdaa48590433954c4e8562561f365f09e1b8ff039867ad2535736819ab55d3f05ed4ac6b2d788555a2ae84d232b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9f1d0763872bf0165dce2b997cc02d5e

SHA1
c44138e4e0faf9855f5809746c5816ff6b4fbceb

SHA256
6a24657d61b7b9ad8851241aa35799cdaa9c0953bac9c354e0b0edd8ff864ebe

SHA512
7c3f01dc950c18e3f0112b6fe8b8b3322b53f180bcf8afa40568b54e30075a6254acc181df224e8513eed2669d7f79ee68838ea8a16a36f98a28878567e07aaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a56e9d0e4f1342815e2cfe84a5f57c64

SHA1
57acd57859edc53c0769062a8738243f10e4b2d8

SHA256
7fb024743b0fd38500307b6839e047883a8722ddd8a0b897e25356b813419f03

SHA512
c9c03a196ae1ed23a1ca0165bf1374d5079e10aafb004d7d66cded908570ef57654a8f071da2d9581b413d01571f2ee22b97c7ff43cc2c03931bc5ef137ce979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
14116de25aeecfe49c502ccf35ba4e48

SHA1
ea8429a69a22013b0d188d15fcc7dae1feecf7af

SHA256
f1061d4b517a717692cd2035430595e1a46008569e6e91a8ad1bb982530b5788

SHA512
c628895312605fb787d1fc3a76eeb7cde4cd2c002857efab5bd6c35d83b805345fe177080e0c53c3616bad233118145f5986af7687be29993ae841416f5b1dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f37613836d5bfbc2dad2d5ba8b685ed1

SHA1
5f2a2857c2531064ea59f89fe5ec81e685b6b7c0

SHA256
47beae7bd9d33444da234487f7111d3be8bb0ac17acf38a7ea4e3a93f561ff07

SHA512
10b916bc26e296ef0659c3508f2a2296dee3272cdb8a0d1cb52e213a9d9e6cb445cb8468552c43de22430db5e4bef828c74c7cc3962847a68d0d9ce8b110f4da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8310cbfef5614d0a8a6e49c32bd0111e

SHA1
93c1d9169712cc1947282a2678a46cae113c9988

SHA256
16ece041af22d97de93668f7c4307022653e5eafdb96f257b767eb49bcf20d12

SHA512
2a63145d299b4e147a66d16f2d64cd0981bedb8eb54dc52fc329e47c0697917fc5d2a7349f9820d7a7e0aa4373218c02501cecc7cd25457e671ee62b06b87d9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
45185d8c2363a710b75c0a1dbe206365

SHA1
cc3dd9d65ff91cc57cb6b1118913aaa216f1d3f1

SHA256
e31ca03fe324deb6ff3ee2bac67d45dfe14b64e72957da7fb5e118a82866af95

SHA512
deb161bb3033b94738d12f23a7800d8395d416af1fb6d4f2df31bdc9a390350cbe7998047b3bebb91c19d9789bfc6bf0a76106ba1169b19af90c0d9ab28fe094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be04dc0e48fe1b823f71ce7b0773fb81

SHA1
d10f51ab7f40d0c7eb7de36342f21e89a0bc7b03

SHA256
d2632f0befd29974ab80892ad2254456087fd98563af367501c3be989707e360

SHA512
94630dc117f1ca0126b8cdeadde83df8288f98a78ffccf221a35090fbcd2a1b9f7e4dc48c130c74ed1672456383720759624425b58c61e67cf120886e5d4a2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58cddf6dce29ce94edad8f194dfd6d61

SHA1
32295906bb9fbfdf835b2398587e88d8f27fe6f6

SHA256
6825fbd736e51bafdba97e86da0a9c9e3eadace66b7c74296ff5896e6f6bd18a

SHA512
c2a5449f8433fea6b6ad22347dcaea9e6a8dd4df91fcdd9e11b02006aeeff155f46cbf64a6839236a9ea0b0d745bee924c3bd2e539a58b37f2ea4f16f89538ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
41ff526681a3ce037ae5da17d21f6b3f

SHA1
6b5fee1b5b16b74cadcda1c6d116b179024fe885

SHA256
7f5fe51402c462941cdc912d32d53353940f65702d2853d60ba200849c064841

SHA512
a6412491c08e4ce8e4c4db377d535fa095ea4f558f6d524a63d79c52942c63e12a0a115b63bf42bb9cba078fa89ad331751a70e085053d66681882b181c9f013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8c1872fdede1d5433185acd33ac64780

SHA1
b823cf941835a1e2286ae8eca22677772bf799f3

SHA256
9fd04c3b59cea40fbd285b9e9510c7b3d9eb181a18f7d68ef2ddbc6a5765d032

SHA512
72b4eb4b966dd22af6f84f7a85b6f71d9db6ab195077bf8ba5fac3cdfc942ba7d0c40dbf313cd975c5a50fd2e03d6a570ada2a08b0785c05da04ec347de73bd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a54cd6eb5e3d4c85419a46538b1882fd

SHA1
215bef35ab10242f3c14da4512aeee0d982412e6

SHA256
1bc01bc4ff71ab610b26d96763b11077bb08a7dd4524f388393aaa73beba15f3

SHA512
d7aa7f0f97fb1259ba1bcec9e19d4513ac0b74932555f78100cbd9052f7741f6a2426cfc989c55f310b4095b7865578b51d80b41b3024a6f8c8f0d29a68520e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58feabfed8726c89c9be57f3318e32a1

SHA1
16d85d033701dd38bf82a427b1481895658d9f2c

SHA256
d154c2200f7b6c6953b9cc2d955c5ca9c03c1bed1db45c42c83eb16e9f3bd9d3

SHA512
064fa41e17add086c283ed781ff894d5cf1b7033e1c574246ad45b38e7ddad3f3336f68c219968b0d2a4d8f3dcc8c8b3d89a3c69a8e3e032c611378ec17ee6a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
189f72ecd953521db619a8e34e6f3d7f

SHA1
bb589a615821c4fe15cd98206d2c5f86c919b8c6

SHA256
cd004ddc2f3a1b305588f44337da87085bf127a2c436accb854d7c08176fca4a

SHA512
f147cf49eb986b98f707865482192bb1cc1331b25f5fa486f9d970ae8ea69106b17071607626bab5008b035fda740683a93d33c48a609b3cebd2e7f06e03e869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5f70f99d32a95aeaa038409545ce3a52

SHA1
b1c446a3839c5b7009c6a358e1895d808d9b8d17

SHA256
ab2415b02704716f16ba49f61946861049ab644bf76479f73c4eb848032a15a9

SHA512
254bd29e8f6dbb165ff42b3bcc55fc37b02820930e07a885b43c30712d56c840ae4c4c078fef072cc3c0a90af87f18d03c61249a5bd19e5d2ecb403ac75e938e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ceb58689b272d9bed34d74e51030dfaa

SHA1
5459337c10107148efdfa85b82b15b55b1e4f3e0

SHA256
856f0fe1a2737b2375a01e43afd662329ed276e984ae66152c274d655ea53b65

SHA512
122209add35a8b2b6390904b4adb71fd029cfce8cd243beb8ed5deed5546d0e5a29878242e40483150d9fc9997d941202b1cd6505d4482263b5a84e8e5121723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
70738ac89d1e249a23417a577c80e952

SHA1
d1d85e581995d45319656d3bbdafe6e2274fe6ae

SHA256
5cc7d9d43b00c0a81d8e2f4650c441a435cb9f668682e69bcc93dbccc8708044

SHA512
cfc33babf8ccdf9593914ab4ba6f9c17389354e551ef06dd20a852fe2fe7667c03328c0f83c8049d653cfb813c6c97040a45fe9b6abdd1e02d62e88e28adedba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
36e00308b053f324f5e130398a716502

SHA1
10ae277acd4113700fdb68059e40c167112ca37b

SHA256
46ebbd25349adcdf26037ca53a3b91cc7a0686f4947bd752dc0caf5cf75fe87b

SHA512
5d6b8e805ffc3685d2b508949af98c21bc26a8e63b60fd245b412938fd1253390fa7ba204086bdaa18985521e63d7e1f4f855ddfffc8dccd18ae49a2815d0971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0e9ae1fcd00c241b61c49146e6183958

SHA1
a4c16a9db15f17ad79b528fa49e01030ad095786

SHA256
46e81b37cf2efca387326acc49196c8136aacd4ae5632571220c4cff6853e805

SHA512
f7f6504aa66924555f381d8988d6f5fbb3facc505b4d66fab09835660287eafd57f8efca6e0e471e2ed111e8e1fc9963e9d438de8ef84c27f74902bf3d236002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0243bfb727e4a6b3b462cff98dae68b

SHA1
44d93f3a384b92000a6ceafb1ff2a2506c1e47d4

SHA256
0c10d28ce10243d7ed1dc2f8f1ec383522f8e563f8a4f15e533321fe05e6044c

SHA512
4e2d5de949007e20d558b12f87a40ebf7c8aca5ec0a78aff4be08934056321b97d79d8057db8de5bbcf4d290c3a1c6d92d2402fee697a1567bcd9019a8a8a75e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d17fa88cf99d1b4eb3d21f23718b4c57

SHA1
357f4fe2b881ea7ac21dfba3674b2f3003f455b7

SHA256
b71fffd30efab9e1648ff310d7f9941130cef8c0455d492b77fd1e4bbfd2ed34

SHA512
a408d3eb6fd04d591c52f7e4648b7d9a9647b2f485ec473ed4345f5cc75a122968ea9c60674012cb1f1e99973b016512ea0151d8ebbe75cb35aa81d80e4e1aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bcab912ec8be48afc1a77d9175f6ae75

SHA1
fd86bbb985f7eb05f8026fc003fa910579ea9eee

SHA256
37ac7715a0a54a2c12ede2fd5333d182974bf771c726d165043a640964425b19

SHA512
e6721d8f9a18656c4007280135f474a9b47d1c13b99089551775b14923c2ef98fe389db9b41e466167df19f32281cca7039740e2fae6ed64d78824c47dce7082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a2aa08060195ae857c05f9e2fbdbb8e1

SHA1
3328136b0b658451e86bdcb1ff4da46f9656659f

SHA256
af356da23c47895883e11bafeff87cab7f5b4b7158575f0f50246cded5f9d912

SHA512
74df45b9d43502a4cb6a6161e17f1dfc7cf31c878ae5dfdd7aa519287984d369fbf3d0e6e7cbbd535c9bc945d99bfd906ff5c890719dc9b5188452c01a94586e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1f2e738a102f171665c7a51bdf82f30a

SHA1
495155babdf071df0cb25c2f51881461034db269

SHA256
d4bdbaf94a2fd6073d1d19a7c0e69bb053b38d1e6ca1a0f27ec3252f1c0e5d03

SHA512
bba4d081049c35e3e79ba124a7500e919a79c2321c1c3dfd7db92da3d3091745a8141b49825b2d403015ea280ee4dd7b2fa9250e5ffc1295b1ebbef2f3396f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d4397f230e8db546d511b51b5f216ce1

SHA1
dd2d5f0e8583c03e02283fc3cdfac355938dfef6

SHA256
5d2d80a04cb84a687eec3b1c1dd59afd2cb51b755fdc4c6b4a7ecdea887ebf19

SHA512
fe3fc6b99455f148cb2592d32d03d13a09a9e2f41c767a7ad1d8dcea79b9e03d131146006a2b9c9b55a9be0c8d57c9a62437b67e7c675a2e8f82b6bdfb502bb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9a821c6e707c873121b2261f3e26f93f

SHA1
bb2912e2cac09a1ddc01d77229fb9db377b7d095

SHA256
3dcfef630025de4bc9f8071503e28b13c875e9c75247cd1fe12a0181018b5462

SHA512
892752b70e6f239e1bab77747645dc016bb8988d684150b840ebe7dea3dfd41c6a6757fdb3a6ca675cf9dccf037e36771792e5bb540e7a7b954485bc101232a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2c7d782606760e5c03e1f55c098f1718

SHA1
0eb26a3c813e9c2dfda7091810f3c04403ee1c2d

SHA256
fad3ab75ddf398598776f138c4d66c841d4bdedc50ebaf2ece3f71cc23554a7e

SHA512
fe363f8879446eb3146dc81c92961004c0bd3ba224920d2d501190cb4c8772761d202263eccc1ebb8ea36274f183236cc309f84648e97c79ff85884b3a2e687c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
426f305d38c245fbdc1d46ee687850e7

SHA1
b1b4c1656b54398449cdfff02dac48040c6eb2b6

SHA256
73bd8708d7f163fc63e5b49ab5449230b684afc5a0f90606157f1bb46fe43b21

SHA512
0c0581b67ba1db90db1d67178953aacf138bd77af2c3ce2ac10940a5c920176f7df0e38fe0a80320ccfb014e788b359162d24449538ad67e60e73921eb987947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0594acc92dcfbb5568a5de7ea1bb08ac

SHA1
0c35d4cd719e107a36f4aac92f4b49b1e9686673

SHA256
90079fa7358c65170b149fb0339751f31d00f631fc7ead269431c4e761714693

SHA512
d027224b458ba58b3d33fad0ab8f544442121e025bb08dbf9c7ee68683ccc76eff18e73edcc05e49ab3d4d831ed2cf01c9f1d6908854a1568a16590ce8f39215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fdc2bc0fc287e5aa0ea4bb979d8df41b

SHA1
da20857fe9a289ecce0705b415cd0def639390d1

SHA256
a00c706685634b918cf9cc323e61c0198f0aaf05403794d454cdee17fe37eb65

SHA512
41cbc411335e9c5087e93a631c8c424c9b320e9acdbd0d1f6d22a8bc3fc489b0624bb686ffc5bedf1d7539ab18a31678f301753dd5c25dcfd5c5df723602edc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
36b09cba0887f9f45dc78c0318d05b27

SHA1
e8123a3503d283b3c87940f5ecbd51326c961e48

SHA256
86aa39c7d377d7a6e24792a06a03fce36096bd76946ac9748ffb315a2937ba31

SHA512
f262f0dc5d0edbca4bdbef6e12db5dd31811432008fa1aa44766179b2c8dbb1ade39eda416fc2a9487966dbf357feccade2897d961e86627e750654e22579b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b3ade7c923235d52b8f7cdff34afcd63

SHA1
973f9a4b532acfec709eae54f26ecd46d33f59bd

SHA256
9081c527d7974fa7ab5d58ea585cbc2bd200e1be2b70fdb0d32e1ed37d3cd39d

SHA512
cf10effb3613b6b7c3d8cd9f69c5fca8fef6015867d933e3254c362bf63117b113dcfc105f4f70e035fd1ec1ebe58df1ca921ede2df1e066468800c778bb387e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1a1f31e12da672ba3db89db3b5533419

SHA1
fdd828ace93f65277fd4b1eacf4d3e021012720b

SHA256
31c50104365c1dcacdf6d8e5c1cb2d3da1c5daa09dd1c158aed75dbd26b5d6ff

SHA512
42c9a21336574379e6721d5291867c62d3cc4964fb1316f36478c2f6ecdb61a9de47fc500ac7b9337000f3d6ead7616a549b787f8cebfc1286acb47ea995d370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f908ddd5a7f7c5fb1b42f8218df8f4aa

SHA1
92e6a167f8870591ffb662a526c41c1f62d36f20

SHA256
4697ef3016fa2d2739cd92f23fcd7305732f54efdd3e432c12d81a6f2ad811f2

SHA512
bf99081380d5a9e608a8ed5ba4a5869c0a07ad284b497fe1f196efe9fe476c8c919cfb002adbf9dc5b9d0b25c74d95c89d99600811ada9d2409bba92fc01331a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
335b5e8377ce4eb2c652fee905cc08c4

SHA1
2069cac512b1f53f820b5ad96f2ac6dd0eaf27a9

SHA256
6fe44d3a0bb35dad60bbabeb81783f59a3879c88a7e70b3a5e5e5409de287bc0

SHA512
5173b1d52fcb7862acabfddf782bf5636575841f24be5921dc66148ba96fd21c44c0aa194a300e52047a7aea5da5ee5de63b891c5bfb287789c89386d7019372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f36b15357595c723349a3326789191ba

SHA1
d26e248398ab4fd9242ea4a8aa94741e12bce8ca

SHA256
40b57d26203ff5ff3eaf1e19787709ef03babd049bf7d2e4ce1257644d369c6c

SHA512
ffc294a90ffa08428cba77ea4411e42e69da2c01d43f830a89e00595df421d80632bb345acdeee95f7238f7d1bea9b3a1e65955147cee07724a46a18407ce46e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3cee3dcff17ab8002b66a83b5bf409ce

SHA1
5c8e78d58d38ca2dfd11f78679f6117df7afcbd1

SHA256
1061ea940ad7a59548b7dc95fc6fa276605cb7f23e396e25bc1ea726544edaba

SHA512
96bf6838172637fe0aaeee7d0d4a633d15f94905cec4fdc76d3584aace6c994e7a61228630b62bc5bcb327259fa030c38e5d9d4f369ef5732964ba2ce796438a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
36ebbd5b8d47e67aa7c4e06e767394f3

SHA1
b0f02376e716156be94ecae7a110f03c791ca29f

SHA256
d67f7f015927a337e0a2d246e0e742a3a3957bd750553fb464dbd5ee0f76e112

SHA512
62e40e305c637b051f2ab82528066f87e8a03557e816cdc1b780d95f7499408b1180161c3d0b694c5119189d2d0917626f7359c4ac13b7d15c78e0ca140f7bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
18906dc5a6799e9bbd87054788d54739

SHA1
1296184cf0036f325fbd63bca619d62661e1d950

SHA256
588d44de294f6178a6ebc15a615a51d61e58af68968b0e1d9c58565f71540adf

SHA512
04055f5228fc69e2e143d51d979b9d6f025da046e5114c879562329f25e23669787adad5eddb6f2332d8a3eaca61d35583b73926e52871bc52ae52574306f2bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f3a1c1ca0613853c26ffa652d64c0cec

SHA1
7c7c5f3180491bb5272b146dba36de2a40bc7161

SHA256
838bd644ca0cda316149f7b8a783f5c5709dfe5ca3f4616f7ccfc3e950809872

SHA512
ea106b2c83a708824ca49d9ab340f4ba70e0afc01d643f3035defc3ad0eb2d9c2bd57af8e596a6439cc96b77b390245d1a799a93bca34d5d1f7e31c760a16d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
12380f98972d7b27b8a188c773b90772

SHA1
09f7ef287334d7515ff58e2323ca1b453205a9f3

SHA256
cc2c8dac92683cf02e58ef5d909abc2ec276765fa9596225b4a8a3df224dcfbf

SHA512
83b71de3b180c1349b5ff36504f3c485ad9f61f7c263d52941c6f9fbf252298bafbb52dfd4776326614db26e361a70c2ab6f6d0fab0ad677f5d54689fad4defb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
52db4a85c660cece7893ef374dd893e0

SHA1
8e8b69897db05f79cbfc698785145e725908534f

SHA256
31980efbf6fb1e4bb1182c1ca52c67af7a3cabe7b0cac3fc2767e00f808ee764

SHA512
4c28553b7aeff7d7c85e0c668bf86fa3b8528d308cfac4501d454c9790cc74932c04c2f26aed48af8b8d5e4c99800cbf7a09f550fa8f7a2efa6c3aa354de35fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
7d25130051bb2fc8628fc98fdabade99

SHA1
a59701eca8dfaa60bf7c2b646c7fd7485fda94eb

SHA256
3baed90d6c2824cbdd746ee7a41bf497486bfc44854bbde2211fe8b4b2e6558d

SHA512
83088c5957e5a168e0d8bd0bf3208c5ba4efc01520eefa6b8d4f6f0b1e8f57aa7c9687d78c6239dce017a48cb01710fac40ce5552e1d6d7f4e3c18cdf80c49ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
a0209cbb7ab617ae8f72163367d7ebb6

SHA1
48f25d293640206536c4f086b64731966c9a842a

SHA256
641dccaab3656d3396d8fc3d66869c26abb715b0ef8dc680b9e29913a0387992

SHA512
ad914697d828e8eb8ed57cce78e901ada3497fd74253675e2d6cdba5e4473698df838fecf1a6610aa5fa39ff4410d7bffdc432ccd161a1e3bde69dd8fd7e5ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
5a26db3c207540188a94c26f3ad9153a

SHA1
b491157e572f24bd02d01a97bb56271d889ea216

SHA256
136fdbde1793041e544e73bda3318a9bd87ca3cabe22608e2eb6ddce055e4456

SHA512
24cd16883b9a007e2822a707a3259264e1f5187528d03d25690ca703ce5c28dd28ca08a55c4867cfb55d2739fe0d6785de57725314e2c55d833bc5475b5b56f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
7f8efa69785e94c7dbf1b09f7402cd80

SHA1
798f4a6afaa17e6d1940d4058772aa2fa179df6b

SHA256
d3289af0270875d36dba75511dbaef97dd095ae801c2c71d511ecda2042718aa

SHA512
43e1587e3d3e592a1d7cb97bb885447b6f4c4dd00dc7b1a40166569c0588211e834e7ba7646b1f3bf48532e84c54eee399866bc3244c11d90de7a536c0015fcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
5a1b3ceca450a26f483cbd8f298e8d4d

SHA1
81249b36d87e5966f5298ee6a67172c979396b91

SHA256
984726b414101f9dc289f15fa339ab65a9393878c4f4bfa2990ba96d55850d8a

SHA512
c0363aee63f0dc564d8235fbe0f597b84f2d2d090726e376805096b23aaf96863b22ce940b0f2d63ac20c06a9b02d111aa24d70cca6eeb6fe4cbf22249724b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
d079cef3d5180f7771796e72bb2a21ea

SHA1
833ef861f4fc785e8090b5675a7e6ac6c121c233

SHA256
5b73729300d60d063b62e94e00db8a42c828862650296e003b40256f40cdf89f

SHA512
94b05870effd5308b47a1ac6b9d2e8ae3cb3608596253b9e400831caf14d1e2939f860729374e9320b8afcfc6fe9733071025d3a45d459d9441c7cd3f0b72c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
b07cb2d8f1c33675a598c7e432e4a5b4

SHA1
eb5481d1838f6a122fe85b34d2994abc3c34dc83

SHA256
e0efe0aff0de32fd3b67ad49d5f40c8ac089e61e683d7d2671957ac4b30901a5

SHA512
d45e9c8b70b5389118e1241fce566748089c77e300409ec2379f7964814195dcd53780b9c97d191276df9d2193285dbbb57d297be4c12ac227868e4e66503821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
6f0f1e2a8d2dfd5e52434221598100dc

SHA1
86da19e8f52047c30475225c7c071c0e1eab570d

SHA256
91d8c04e2067293354df84c75d59fd77286f1cbfa48d49802e5c695457790775

SHA512
e87286d7a4ec6ae55b560c5d5043cbb2c02cc309fde255b3fcd37bbddd9f289548ae7955e558942cab6f4d5a4c0e1b7db1222ca41ca7a2f92c92720177d4951a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\22950da0-303c-4eff-8519-b1a6bfd702be.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
328B

MD5
c8be40c5024f86a1edd46ae5a6e703ae

SHA1
bb305dd1b215688cb0fc701987f933790df06703

SHA256
2bc8798312a3e4314a0f8de06354d48f865c50970b00d961ecfff95f06c4cba0

SHA512
554fa6455b9c569c046df4dad4bdcb28c4928e95420ef8f54d7d3152ca4867bc14b0378fc3beeac297f2bdc004c48ceafeeae1d30beb64fbf35a0a54f7145a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000021

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000022

Filesize
17KB

MD5
2edf5c2e4a979fa461b5c7ab1eea1d3c

SHA1
06fc08d349fcbec4bf40411a4702514d1b2d2128

SHA256
1b623d05c7f01177af22ffca2560eaf878cca1b8ae17c9b8db359203bf6c3510

SHA512
50e6929addbd1161baa0e3fc420510b4c9cffdf759b0c1e52e4c6382c293b2d7352e8d13f0053c4e63868b0970c692c43452aaed5e4454b73a4a8d63b4919d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000030

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000031

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
18KB

MD5
1c77d204519af5d561b0e2f1d5dd7c3f

SHA1
13c2548ad977a2b74bc1f077d23c7358a470a08e

SHA256
2a71a08f01af80a4baa01a08b5bb284a4fe50de59c11286360a2723b2a95d014

SHA512
42bf709c7c8d4cd105d3b01dc077d2a8ac4d2bf79206fc4c7d44af4e341c2bb634b4211892d540ff0bc3bae30ba08b5ba4b191ded15ccbd7745dd67a99a8de06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3ceb332403437013522826c92f7230a1

SHA1
d887a2ad9c84f3525ab9bc4c3ac8c1a80fccbf9c

SHA256
3bcb3f5887762bd0bce461d79ff1d52a955cfe7cc01baea5ca2e03d12d6780ad

SHA512
6d6706d7f9ff03c3645ac844ceb1fe7242a937c2e173731cb1c22fcba5dda46d7fe4dbafc801c25ac12689fe76a86ed6561cc0ac76b6683ddcd278de3d008d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9d710facfc5931143115f390edad8f25

SHA1
88f0b5ee5da5e6583c0937f8702ebe075275fed4

SHA256
b46287687bd394e997d269e81bdb119e710645d64ac00443bbee6560c0db268a

SHA512
2afe44eedb3e12da4397cf654dd17453eef3ef2b47e3f361769e437d8604eebe5fc7816273afd72c61b54782e559c1a6680384bbd4ff4c218f8da1b908097359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
eb4521213c456d02442617bf37818aeb

SHA1
a9cba492f653c66c72a683f992726fcaff9363f4

SHA256
ca3287d17c5bf9b45972872104b8366e62a7f7a9d7b478ef85196c0551298683

SHA512
a96a5f4809145c70a3dd3b8d05dcdf49ea414fdfaae3a69121fa2e1e9b712ed3af3a35d2a43ea281412d503486f2651471a05b9fe0a61057bea7c23edc247cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
55cd8c658b413a7bac2889e4d957ec00

SHA1
ff50a24b60ab8feeb41695d4621cd5b51ba35989

SHA256
82d0002b87ce916b5ac451142492113cb3cd73a6e0b39cd4306291d5344e8073

SHA512
00aa7928001ad19ccb7ae6423113f3e2b0739b396abc418991302d511c3afa48e81fe690e70b081f72f679a801b7cfa689fcf95e715b9df892d469169f7a59dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4165eddc42dd2c690696d6f33ed9050e

SHA1
ad83d5ee69317deab9a6d1c025e04561b9c2e5d3

SHA256
41b7ff72bbad2a54a01059f4f92bd947ab5a76c2f533b88d33f0b7cfca0a36c3

SHA512
bd8949d8b9ed5bcfb9bd3a5cd86167089e93fda7b7f607d568b3334f9f4dd0ad934a977b29d60e418adf57b1b49d7fb60fba03d87dc084ab54200b08b33609f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e1aaebca43a8a534b6cabfd9991a70f2

SHA1
dabdd0d746921ff60c2bdbad2600662a8ca8f6f4

SHA256
39ee6c75e6258b86a6e0b0de1957f8d718917ced5d5a2a0482a0a0304e5e996b

SHA512
d38e687c0fdc26949b34bf88cf2632116fd4e9ba177cd0ce928c172cd0e42b84a10943ed1b8f025cd8f19b0f6023b75d530f71354a765454d7cc100c13409961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b3b9dda5a1453db7fefb8a3c9afa6a42

SHA1
0ba8bf783edb0fc7ccc6bd43cd7ed4342ee99cc7

SHA256
f9ae32b373937e2b01c17ca6e3ecd5865f0822976edea89df99c574ede312cf7

SHA512
241278de60d2557f0c4c0bdbf35d099602009060a6f5d981c6b3636af790b0cb0386b60e06e329407d21a46382d6244eef410f410826dc4fc4b515a1d80bd5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
7db3f068bf5306afa9f493aa9301e78c

SHA1
4d037e9bd4d51d82124133264a8d539de722b5cd

SHA256
b6ac4a6acd16a7a27d6f8c1803002200fc45ac2498ae10d7190287e2f4bf1c57

SHA512
96501e757e88898a9c82679e6bcc81d16a69d4dfb53795573dbca7c7b9c5020da23dc0188411a169b9703da43d4cf80bf3c6b01b5e7131975104a54824be2037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7e72b3751bc87368c3053e8ae29a59a1

SHA1
e4a694191b9128646412ef90950f287659b0e3e9

SHA256
e5b3e76e0d370febd6f5ec2b1bcb1c200dd827c8002ef54cc12b374df677d61f

SHA512
e85af7fc124a95d125f0e0777db6cf6073fc13a5af1a12b6ff376182ba291aa15d4535a4ac1992f985565eef1f03cc90bc525a94a9e016d3c23b7f18a379b579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
76e4473647a6ebc775e215945fdcdbb0

SHA1
e3d01ba8b24cefb9bc39d529f1c4de2be96b9927

SHA256
c7436b94c51c60e23684c0ac8ea89c7e203eafb9ff8e28f554ce85befdc4e09d

SHA512
357e7e00b7d42fb7ec24020ac2e12cd4a4f159f0603603546fd0008727b70301baaf2205ff3f9af5cc54be46a7bb77c712e15b07816e0b975bed696f4383813d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f90567e2cf47943827082c683a42f589

SHA1
9244500772acd92df238d5dccff4183fe61f1af9

SHA256
cd4d362c786db4285eca4705dfb62f54a185af98b0fd2388e2788d4c2f1134ac

SHA512
b04b925dd55986fe963f206a5b2885e9ab450e362530665f9468ba4c3e5777e7c97b6175cf3e1d98395e444bab610843b32e2104a27d538b30c3b502081458fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9bcf865ec934edf8045ce4e3d3aa6c6c

SHA1
342f7c182448971b10890dd0cdeaa7ceda7c7987

SHA256
cda0a3cbda21a957cda71158913e42d73e896ba315c178ffcabce2588277a533

SHA512
f63cd9035b92a416030cd70e8338ec8c6ee4faa4e148fd29ade2b61ef2d4fd614cbe6a38a4beab508f03a300ba0ed2828e25e7a5f6d4d3893ddb3d1ae03c5eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a1b9ea8c909275d95acdbc7cb35bc628

SHA1
17866bbc356f20c39b1c5ba5f5ee48c8497040fc

SHA256
1d29bdca2db57a438f9cdf294bc3efa47c03a3a63e28300e9432f6b237e2b030

SHA512
20a9146dd2e3c51d53c8ed9a54674518997db676d7ade59d91e48627d70c17141eed5239c0e860efdacc45e5797e209c0e3fe8c271eff18c3215861906299657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
178c749256adf11baa98512f1ade8278

SHA1
52ea10aabbc41c70919d3d8bcf8b7fa7bc07595b

SHA256
03e303b9be97f31c8114ed596b1e0a81add8a89f47662d34aca6d8a70f0a0835

SHA512
e576111174b901c13804638bf9c70fffcab5720f827a485349d87b59dbc804e7bc5545a84a29a6c7a80a94d9547feb0a7f049da237adbc477aa247242e7c14fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
7759af11b6f85e06bf7c71aa515c5035

SHA1
df19bdc396a5de7b43e0106f8eff8371853141ef

SHA256
8bd0aac2597a425a54e57021cf855022fa91b6200c2b7fd05a83fd7e63de52cf

SHA512
e20da0842cd4b2c719acda179be2d955983acfce8846d73650cf7a70b0339e448f7a3f5a62d2656ca956f975e2a6765790c8adb448108ca33c779d0b820ff938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
66501394114a4d83fd9bfcae00e73846

SHA1
aaa301f62740e3b2aee41567d64d692a209a6794

SHA256
61c68d7a8b86a2b7dcf9e3403eecc8457b846addad78e71b709ac8405ffd9a91

SHA512
a0c3ff223b9fb962d0baa480d18a3b03ee25feb9dbfbc2cc6a9e35bc7b45070488a22b598a3176f2ea08fd70e6036358f0af7aefa1f50193e560e1726092b38f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c668b0f2e32b1841de9574556cc3f9af

SHA1
2cf69a6415a821cae840f727a0ed4be19a34d14f

SHA256
c73ddb24e5660e68de85a16271e82a06fc1a2dc74401676122d8fa2f85da39c7

SHA512
487bba7f1c13a2fb8f73aded6c7a371e0eb1e75218838f96be8569c7def2689c697f4542bb24eef6c5d339063c781e383c99cad459b8725469da089914ee8573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
78dd10a4ffd8425059df04b3c64fb7d8

SHA1
826b4f6051a5fbc51e72501b551c44fb172cac61

SHA256
4f7e1d71e2a2e12d603098749f33476017f6747a4b039a7a39c9c4f5d82f37d8

SHA512
2c8c126d34e94644f5fe869cbac88d8c32404f54a7d25fde5d3ebcf503cf69209c4f967b035ac309d60b362e995eecbe1c7e65e1272f0ffd98ca8c732e5896e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2b5d75198266cd3dabc6eccf679d249c

SHA1
95667cdd68001cd17071c0bbe182abf28e0d8cea

SHA256
3071fcfba9842969b453184e439327784029f7af187f2740ce27fc3e8144d2bd

SHA512
f23f6e5a379747d6524c94b1b04f624d8c9c1f6d4f2d2ecce7da0bb4d82c274aaa0aaf31de05a7e0eea8133f28c5ab9b896a6c7400818edd0920775803abe333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
caf8985b2417b87975f4560f862b0bea

SHA1
5b5781659f17c4c8949757f57eb71bf2f4a843f2

SHA256
e82130363dad5f74003a267239f29572fa59f4449d45073d13984cbe51de59d9

SHA512
dcd525cdaae32032cb06f5f67c45712c5789da17ee29aad29cff8c91eb13cc155ea8d49688e0e659ca0e0e876da375bb6c4e4eabe5023331fe93598f407bf1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ecca07b8fa19713bc803118e335a8fbc

SHA1
35500c4af4263d71e6d53891dbe6efc7bb07b8bc

SHA256
9f161c5e3c95e5f5d4e65adf19d770360466fbc9d9f2eb5285266ddac58ffdb4

SHA512
02ad342c6fc962ab22f8b8095bd272aa8e50a45a5219a083ba1960de5f90d59dbc8d112c7da3668a430dfff1af98a642d8a93174c86ef7b58ed62cf36904e1f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6262b43db204a1532303e14c5e0efd39

SHA1
39e0ffeb7d237ebad398f153e52144063453d99f

SHA256
53587d33b577a9bd9cf45e817f898ba6c4b0af60a6a0eb29e6999259e97782db

SHA512
bfa7f12edf8e1adffeb64ff35d693af6a3e24bff930b8ce33d27a2e41ae545e35615efe9f233a59c78be0632c24773ab233af66b7a511d851a1e895fff9b8ac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
13ad23e46826887a666c33c2645413c6

SHA1
089539fdeed1af9d0733c62d0149376df61175c5

SHA256
bd07cd7fb8e3bc082519c70dd387081437bb043105fd1cd61a53ed1a27116ef8

SHA512
98d79647d21bf0b66434c04feee40150688e403a924e585a70337ec0f5c542e567affa41b74ea5ae897eee11c94d0d7acfdd49e88e37cbafd1605fc94ad79ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
11d7299ee6371067db1705686b05cd7c

SHA1
5d353ea80992b372d407b92a8fd777e5cc63b9a6

SHA256
1cd88a8742325c7aa06879d266f45316db35c27a041b280be4c97ce33c78b434

SHA512
ca28c0547f7dd7c461c6b5ab181e438b576fbb6ba011ba8240b415941e6a5c3a36a5c77a06ea757d807b96c4f8c10a872fb80fc0d34e0914ae802f74294babd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fe3e05292f78a5ce903547658ef8f1ae

SHA1
5fdde731d746c13d5e25e38cd1002b20e391544f

SHA256
a7a9e62a5b202af2239ab8dc62dc9cbaf889ae906e4a5de2a015a2e399ad133e

SHA512
43bed1ddb21f986d459849357eba47d6c0995dbe27f36a49e516f3ba963f9914eb6c7ad55e17007adcb959c522eab046b8b8732615378957b71a9fd8a0fb49c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d146e72a74f8ef9f2eac1607a641196b

SHA1
4b1ecc0278a1ed6bee92e52e1128e76e393cbb7b

SHA256
0202daec8d59c2649b3feaf6a3935968cc627ef3dbd5fbec220398aa3c06e46d

SHA512
9b0c070fa165e16ec6d17f6b3466a8fef63f74fc6ee8cbfca67425c3b4b2331a48a7e0c07f7b73c54f70d534ddbdb0744bc39a418833fd55ef63af542b086fec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
9e834713116fe6563b02101cc23c1868

SHA1
1dd700fd54fb9085929bcbb3e4f78815f189f877

SHA256
ccae2d919af380ec73a7ef64c081995f01a317a392e895cbdbc18d6008d317d9

SHA512
2c8751b86468aae7b79803ef2d81894e005346335d774d55b3810968277a445d2d2285199fc2c1c1ce94cd04b4c75ffc18c9c4d1d853329fa447eed1c4f9c68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
05a2b8a0b345cfe4032ee101b39df192

SHA1
f5b659e5b876a43b1a71cd1a9d11e01e6abf9079

SHA256
a32b70279a4d82b21113ba11d7c3ef9f62f712558a30bf8047e0bc5817d35343

SHA512
f752faf3040b9bf10cbb48b351459591c0adbff10613536531df47031d1ff735b02ed7e868928171a62731f34b82a63bce092310061f451ec4c7afc8c1a9f449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
7c272724ee7a1a52c739455dbb3a19ac

SHA1
ac9872e5c24c3b5aa4cfba9f533ba3017cfc45b1

SHA256
a130ae6f7e0c68edefa591a054e16c94ebc1239c7cffbff4671c16e793f1bda5

SHA512
41668cb5289a55d26b68fbd693cc7f797e3e1e948204b2038c1164581d2e485ba1acfd5b4449c305c93eeaa86f003d0ce444b0299f70b723312acdabe7f6b73e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
c3325e7ce7d7f8a42e4dac5e4fb9ae36

SHA1
44b85d2650e14b3c5cd05bc15c6532c0477802ac

SHA256
6b3c17138de7d58076c2923eaf855c2cf1612c41eed7460478fad2b49258c7d9

SHA512
13a07a30410bb9b6e1b57cb68553f517274bf8d409217e85293ea4890c3af5bec79b759deb4dd655efc4ab74d4edbf0ab3481ea384276484eeaf939191bd6eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7599e380c6c5754c5bc7adae948919d6

SHA1
eaa939f7ac017849b0579c9449ba03dffd1cb07d

SHA256
0ba62f9432bc96136add34cb13f655c43b71e67ed4cd6e914eb521ce03ba0b87

SHA512
923a90bf644a378a7383b5eb7e6dbda22e37a99b3fba02685cfed434d90ec29efee1636f04978141fa10035f27fb93aba866afa4367c5f801f9b2c901e61c8ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
737665fce0083bd14e0eaa8341f8acce

SHA1
fc83248dfa8213ca75cfc84eccd3be9d348d0562

SHA256
1bd769090884aa7fb31f445a040690b632f980f18b85c228d728d6313549dc15

SHA512
de98238bb0c637d0fc14695999b3765b3dfbf7fde167e82ddbff24606d8da44b9d12b47ac7d43e34018ea0c01336e28df2de3243d789c3724a6715e84790c1f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
15e4e611f142049377574ba0b7e6d0bf

SHA1
80048141ca4d2b071fdddaecb838ac6d278531d7

SHA256
3ff176493074b059670008a045ab6fb875977d3bc4377c46c547af57df89843c

SHA512
08da3a331d91fb74c4ca75912319ce5952609f207cb28d94a9303b5a7dcd0aaa14073fa25214fe6569f5708e6b8d83cb25ff8554c6b0e54518668eafc5753888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
134dc815fd05b6272a7baf6bd6c2be5c

SHA1
c12a0d14baef2a61671fd9f7a13ae62c86f3fd44

SHA256
b1cb6f17a12432c1fc5b44144bd970b3c003f3a98f60310cf61aee9003417d9d

SHA512
3ae2ec743e364bb6eca94cc102a6651f7515e2842496dba324e1dcaed35879726b8a0359b1b1c169620d8f3160784e7a6088a26db0429682a7ae6784499d414b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
2d1259776f717c92b4e70cf57c1d76a8

SHA1
6f4a5291fbcab9e12013535371fabaaf67649016

SHA256
9a501836d3c03f210869d3f985b3dcd298d5e66091cce79f0f697b13234f2f42

SHA512
69bc6dc01666a81154d6f2d545afef70432dea3532df0acbe0175c598b2350832a6b00afb3fe231b318d6ee7ae9713219d4cfbf505ec690bd5d08350c2e4eb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
350ae48741a587a42c550dc696e989d1

SHA1
4b010a40030432a9bdd46e1e71673e5eb522d707

SHA256
a0a1cb21863cd840e1529861ef8cd7f58e88fd9cc06fe264195609dd55f3d522

SHA512
74d0afa80e87e9acd58eb9b3070ed3d8f9f4f851b5adce9ad6c000d159d50cf9aa6ea792c2171254243821d42bc035754a871593e38aa4048b1a76b944f993bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
488b7278a03273fa0723b4cdb375a72e

SHA1
9ca64aafdd012a05237d3af47596ae46860a7667

SHA256
61fc8f710f3cd6ea2232daea4b86380e376f8bb2126e774c1faa7b8dfe819a40

SHA512
555c07505c52b5251e2c062a68eaed311cce881a2a3a678f250f4c5ab189352591cf3f12603ec82005231a28f99c919070ddf8f4562114e0e16d5b43a9706d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
cf99ec9b3a09b0bb7c40b58dac20b10a

SHA1
082449eea9f217b7621fd6221aa533b094387cb4

SHA256
cbd0f7b3328388e48e094f84bdf1d96ebeb2c4b652a4b6839ac8271425cb3270

SHA512
72ed14d06037bd5170e7f5fa1372bf60f85954d68e4ab8398d3532eae5d9e397ec906a00594a88c8f248d50bd57293736559971e91fd0dd3f16e25113cd9798e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
df6a43934f882764fa38e16f96c17e6d

SHA1
72e6485f3b18600a3a185de0061e76c89da986f7

SHA256
70ad06b3c02b98fee985cb6240fbade2512c81dd3b0985e80d3b41b92328acb4

SHA512
23a0547b37821ae1f3f4712e95a9ba05d8d117e12d4674d49cdfccc24efc9ada7c58c9663af43f5c3561e39f4d2c0be9f2eee660b54093839456b7c1145acd8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
26cdbb7d7391d7809616757aaaf35060

SHA1
4287095f6c66fab8293528a981cd144a2eb3bdef

SHA256
ca8f718d9e29605a9d693278f32aae8dada41ae0bc6b9b46d2ddf90fa3f40bf1

SHA512
46e4e27e9ddcd828d536745e0279f0bccf7421d59eeca6ac5a054bad8b68a1055bf5aacf448cf5766f3a37cc52468ffedb50cd009285244226d0c3edcf4d314c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
77KB

MD5
8f352aee3d4ca7d1350aed3166f7b64e

SHA1
5f302a59522c2d539482c5f8438aa2b0309b0a7c

SHA256
5009d81f5dbb8d8373877c4281c49aaea028559709e23da2b3428878de5f0bdc

SHA512
1ec6f903f4d2029316c288f1518582f38ff632f155472c3817b4d0bd62fcda81e583ea7d77068719da954a8e0c84ae73fb8c2cbc1e98ef3519de66153dd14c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
74KB

MD5
ef901b0827c95d8a94c59636fcad8659

SHA1
8327479f5e078f2789fae3ac00a04f5a361be5e3

SHA256
75838b9df77b6d1e54740bb583f29f345f0575653d68e832f5babaa4a286bc74

SHA512
f5025acec014eae31fbb52c4a3a692b11e052c4a8124c166268e9f6daa3ad4c01d1276f0773b5ae49d2e1cd607ef973c99840e81768d9fc082c9e28c1d439397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
74KB

MD5
bfe60d6b2790a784f947d006bff91617

SHA1
30b77c29389272ca7b9e950ff0220fe45e355679

SHA256
44bd3e5c8e79f1383d06324f74074638f567210c8fccdb3bbae931750618465e

SHA512
6df9abf1673d1f254e947ef468ab68ce6cb461f518db4e2f8cd83c08a453c0a8e2ded66549704a55d6a67faa19166a4b62aeb09471fe311eb8633c327c1c84f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
79KB

MD5
0636440c5e8aef45f78f96c2444e0c0b

SHA1
fb38c115b9e99f0ea601f7104bca1ec91387523c

SHA256
9fe74757cc3b935922f56bb31040097d68bb740de69219eeb0892aef9f6dbfeb

SHA512
d052c5e66936ee5d3976b93a38a4fec49fe4690a114f5c12d5fdf7a775a7f2698e55ad7c944ce06dc2076b820afd8ac581adf18b227044b2be109382b51d0f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
79KB

MD5
ce758a66ac817da2cadab6881300e345

SHA1
4bbcb6bc804308a6750040ea645a74d2a6901305

SHA256
ef6a8f376f593bb2b2bd34c7409592d1ae7f9d63e353f2411203a637b70ff2ac

SHA512
8728accff5785e0244f01bc2bfc272b6ed7f629fd47c579ffeeea05c8189ad92c625c9246e22a1948a39dca933a8a4cbc30fc62e33c62f75ca1d2f189d15023a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
73KB

MD5
c8e4f9b812eb00144ed6bab3e22c16cf

SHA1
8ed45f2dc6dc32bf3ec67bf3aad6eaa95ec87471

SHA256
bd538a9367676e8e947dedf190659a0dc4350f138848c4294e6be080a013985d

SHA512
aeec3376f8910860ee65a8ec3b2eec1e40dbe74347412533b5d685f3cc3bae35a304ada4112432958daed2ead5a8580ac1e7590a0932fe2392f12247911e0fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
79KB

MD5
512614e40fa9681f7dc1a906d805a735

SHA1
8299e4431da1b8376dc61059e18f355c4175b7f0

SHA256
6c35b70b0d70729f6cf36850d8dd4aa1a617a8adda7fcbe24f83a09c932d5e9a

SHA512
f3d94d157e79fa1b5f9739451af29221c23e2a31b4737f3540334a9298d6ec995bc712609b863b1edd1bebb8b0b7dbe02c2ad73355aaa7e8735a7ecf2b45c3f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
83KB

MD5
aa11d50bc2e48678929eb429b69cfc17

SHA1
c25031cfead3c40056ec4f16806ea49200c6d997

SHA256
ff0a59b5c639e2023b84539526719f3a4fa696b3e35186e3e3299c4f0d38309a

SHA512
182c41e3cdb4242090bd3f4f6d24362faeda058adc3b784397d523c3dc75e68c29814384c752ab79fa07ba0fe07ff110d5a296aae40b327ec7f007ec170a3e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
79KB

MD5
ecc4dd0bf88a29fb4d8a802abbdaab08

SHA1
1d01d6466ea4c554e769b90dcfc10ba69296dd12

SHA256
33de7cc36dc5ad698a149f0dca1283f89372506aa71b74d3b2664bf668875152

SHA512
714d3da142c098cd784609f4bef8a32f357f1402cce7774b9cb83ad0dc99acfb430984cc4f7f0a3d1af27769c128911590da237a334ff881567e9c8aeef349b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
79KB

MD5
71b259db9097bffee52d71f75baa4c72

SHA1
a025274e9f4284c6ac9cfc1e04f36145c903da7c

SHA256
1f5123a4a4045ce142032aef1891e6c08540204df686dd7b26de7856021060c8

SHA512
344e9c62085ef3ecd15a7b0be680634845d3509c1b22a774e1fc17681663a29833a3d22872fbf4783a71ff90a7ca9caad659df5635af0750ff56d6ef4824b5d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
79KB

MD5
021aacd84da0eef8402f9f0b0f8f0ad9

SHA1
2bd6de7c4ee536fdfe07fcbdacb9712322e2ffe3

SHA256
c2a97008d5984bb9654daf3e5a8c44fa9b13fcdc6d38e726cd54b255ac9e1e6c

SHA512
b0cc5641ef411fd3c1388a33875bc6974c6eb66bbbfd49b6b42718744160e8acd5ca91bc63f13a2fd3c48fcbcd8d17a4fc239f7b727335fff1a78bd348c81570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Filesize
9B

MD5
b6f7a6b03164d4bf8e3531a5cf721d30

SHA1
a2134120d4712c7c629cdceef9de6d6e48ca13fa

SHA256
3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39

SHA512
4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
7c61c7e1afbb54674a237594c9e59e9a

SHA1
8f70e5de706e98f1fba2be5296a382e4188aa178

SHA256
1a1c0125eceb4f27df955cb0cd1f6cc2152f3ee9b29e0ca0e80f484f0211c21b

SHA512
507473e8239b829e3c040e766a2c34442f445c350e5c07f0e2d1777cd6bde6ba4ef0af61cc9ae39c772e08893f43bcedf1471909aad955ff3e9e58e602243606

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
44b0af2e30913ccfd9d3018d2ac5ff65

SHA1
c8f45aff5605bb88fe3b65f88237f15d76e8e8db

SHA256
9958418266decb96aa993f825b066380e0ad487b75ec72712f8ce4c2fb96fbcd

SHA512
4655d19e359b50ea036d9586710c84d84c77a07081700ddd763fb08cecb4ef2f4c773bb3a0a7b9d4b4924f976d4650d51120a78be0f3a9a55683e230c7106b12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\68BC2ADA259BF925235C7E6BF89FCA3B60EECD19

Filesize
60KB

MD5
98aa2df0d8ca6a1ab39b6a97203f4f94

SHA1
1dc8774b430af3bbe01b518903f2d9c0be96e477

SHA256
61b6a4ae7c0802e68cd043d8d54fae3ba9dfff0f2ca1633e89ca88b1f3b92092

SHA512
beb4a0d8d7082e4b46b16832147a40be6817f78f9072799cf614ff063a90f88c14783e978b3430f4e86f354a02a14ab64800632169404e87f9c6f0c698fd8a39

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\981FF3057E35D6BAFA9551BD06F32D0A288FBFF9

Filesize
13KB

MD5
d1cfdb0983c8f69812d644c911fbe13b

SHA1
5f3e4e9e88339d04447a7768cb983092268f0d26

SHA256
e146cecfccb927d4f8906637db2faf64350562894d95a0e0193d0a289dc12289

SHA512
5a563c76e74dcb625bd63ef72112785e1132ce08603b5104f7e1bbccc531e91ee0fbad366f46b6f6547afda838d0917219806b7f1ec2afdebc2765814cc76ca2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3

Filesize
16KB

MD5
50b8e77144fe9c0b60a140cafaab7d40

SHA1
18edfc853360f888ebfb2fc5709abfadd2471361

SHA256
e22caa20fcd37f6dfefd325108c4366efd12d2a3601d58aa1ddfa8b7065c7e5f

SHA512
534001e9655652e358962a1c77e05a8aabd3d0e7b8f95fe3a24c670f4b6a68771836e4880409ae563e3e254eee2dfb219ba762015c52c990e0bfb927b5fa10d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
fe1e58a7f73b422cf71dca6bdf33eef3

SHA1
c635acfda6e9c48f76e26f3b9c1c0810040279cb

SHA256
2d0f3bd33ed60c2046c4350005ea77e88ec69f13ddc4aa1807fb8c6682941f5c

SHA512
64002ce4f24924e7fa1d74f83fb438efd30a7e4715f6a3409788106338cf64973a044bc603eeb89f20eb7c50db2fce58ec785908d6633c6c4f83b6e1b2b51ac7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
c36b21fbf6ca9378e378047dfb292a59

SHA1
00b4c4c73e094f0ca50de86d35da29d96df7be5c

SHA256
07fb378f42dcb8e58939f9888e96b2c627598ee735c569e4b76eaff0a7efd652

SHA512
c914292d0230481c7e02472c8e1c84baa408a5fd85b290ce3fc76f799a4824de008a83746530b38fe20d5bf7576d09a0d6f749eac1f56963d81a8c3ff8d2e682

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
7KB

MD5
891197a5b3267ded7c4be37e0204d3d0

SHA1
cf1ac8e26fe2af0b1396cbc117777116898b8a4e

SHA256
e7e09d58743d5e62e8134e98dd1f86bd4220ff73b369903c241d9eec01bb8261

SHA512
12487068af0b44d35a1a6033757c44f208f293e7e5b89f4b9f6690822d259db6bb21b84b3e4f66a58d774a8ef7868f09923ee2e62ff12a7f4d5f3f24e3baf192

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
12KB

MD5
4c425b9d44e6202242ef0ba60671de1b

SHA1
082365f3b3465472be9448b9b24770235e882cae

SHA256
ae6276a8621b71e023d4c22ccdd88abfac9194983b365ca3fef16578799da507

SHA512
b526f2419003cc169bf368e6ee2928c321d7b7805bb2df00ed6d872c81678c2aa44ea8db587a58f995f90936e8544cd1745a68d80036fcc2779fd62d69138fbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\bookmarkbackups\bookmarks-2024-08-07_11_ur4QAd1T37d7n-N7hRALqw==.jsonlz4

Filesize
1008B

MD5
99a805992ec9e668f077d145f44c7772

SHA1
e12680aa9442d649197b0aa95c7dce714e469c21

SHA256
de60c0ffe55b67100bfbcb3129221cb3f6b427ca3b575d0c1f9f3d634fff054b

SHA512
1a816aded29b43ee6f7c436e71adf8621da746e27626eef7fa7ce3193b4938f8fd17ef464df715c13d6152fdc64dc69c61cb790ce504436b265ffd1fb064d427

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
945066c4a20f19a93b4b66dfb51f66d2

SHA1
1a4d350f32594df10728f573c0604cb964ef4dc8

SHA256
29702321ff3e07d151967e1be0ded58e82551513b0d729364d4905e009ece0b7

SHA512
a1befdfe4745120da70f79d0f8229ca3a2a5730651893763dff7b84a849f0a0f09be9f250af495df87b66efdea14d157f083303f1aaf01d90520c6e062bd918b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
4aa8b9fe5f0a9044e2571d05a68d1d87

SHA1
9d1839c73676cad14dadd97eafa7f0eab5f78729

SHA256
95c7b962187172569674cdb8b28bcc002f23796c2c95a2773535cdb5c949a373

SHA512
1b09f0ff893b46fe062575a6f1ddd770bd236cf16c35e0fed86f35f4cc515dc45a137791eebe260b5339c20327ed636e79bfa1d20025fa7af6b66aadfda433a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
7f1d88e7fad063619407a1e6b411aa53

SHA1
a9674c0e8b63776a333e6c783b574e088f9e8d70

SHA256
d4d5d18900035b3450d5a46028d70229a1050f6875bd084d7db79fb401b615be

SHA512
94bc857ef865f5872ff29eced55cb74289f6fdedcc3380a2ac3492bc20da741ccae10c2958c70e48263e7813d767fa5befc57432525e19f730198e2ca3d3d0fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
38KB

MD5
ec9d7d075ebca2437e940a778a58c84a

SHA1
3fe40f9d0103292754000d7e700d954f4b1506ba

SHA256
c5b73c36d70b028ecdd8ee7707f599ccced613570c258b8d0d510fb611e04388

SHA512
237c410918ba436f18990a57d42ef77a1391ab14a97aa4771084fa7eaab2db218ab3c7b0f0b05bda51d64c84c8134581f29be5582556b6ed1c3d79ae8b707bdc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\20060404-b8c2-44d3-be23-068686bffc1c

Filesize
671B

MD5
1a975c4075e74c819a7c0e85dd77c787

SHA1
c36f69053892fa8827005703d8ffa5095dc51210

SHA256
cbf5043c3d7f0d2801c316dda659ba1f39b512092b668275daccc15645a4ac9b

SHA512
32fd4327fc7304a3c2f922adae8ebe59fd730e6693aff9ec794a7abaaa5f428ddf312475bef689559464ba4a2865eb15d689d855f52e71fa3433af7f7ba7d82a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\9ff82b36-b3d2-4624-87d2-899cd40dc106

Filesize
982B

MD5
c86c4c1b80cba5208b3cc7a0c4541841

SHA1
7f9a54245126198ff28e28e2929cb4cea7c872a8

SHA256
b9079a3c8b31228afd06e79ed799b4c685b0f215b9ac1c149a100521172203c3

SHA512
175422eddbfa62e185362998f26740b3136fff24f9c4e29f860bc8d59d91bdc1891ac993d29319b9ba52525313d8027892d6fab008029c2fd7ccc3f98ef1d46b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\e9242d0e-3ec1-40cf-bbfb-f252972dec3a

Filesize
27KB

MD5
7b6e6cf510393bba12d70c1e3943feb6

SHA1
5597128c4057bf131c804e55476e4123e76e8a46

SHA256
b3149bd12be7f8a063af42d8d5a5ef40b76001d13bd0f675d6df9dc171cb69f3

SHA512
bc64ad97a7844c11846dd69cd92a3dd92ee82de5030c2f6c0d3c9388c4017404a1efee64b315f1189e2f91b54aeeefdcc1e2d549677359de78a39c9accf008c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
13KB

MD5
9ae3d635a61ffadbdfca6b6ce5032e5f

SHA1
5ae8cb0ea40effea6ba8d85d2897f79a70348ab3

SHA256
ce55ffb091f39f0104e85b4231825bb8c49b24e689437084d25acc58a457e4ea

SHA512
8a6b5898beb3fe210362d153a83cadb2f7c370084d5e04317422401b9263a0159d248cbaf109ea250d01e9e5637741271247f36014f8cd5fbeb5873491b167ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
e96a412c2506b6a9886e831d82f2a778

SHA1
318bbdb040d09c6f85b49bc9b598b231a35bcab7

SHA256
ece1f43cfd6a7d4242522fff7a0f23a1e5fb5fe54af06f92eb21deaf8afae43d

SHA512
cf0c1935d08748459604bc5fad6c7f4ba31770eb0d200c860a9b32717340c7333df3164c8d050dad33754a9571590222a1a3f761f487d97342e0e4f34e1a9821

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
0b038487152ad7049834e9191d79f7f2

SHA1
f2cc8bc101e75f48516e51ef046eab75002f53cb

SHA256
b9d88676e7a7d8d99ab75d9a23ad4bd012be9434c1fabe85bc65cb463be752a7

SHA512
11b57c3d96e7f70eaadb44e2ba0b62c74c682024fbc75f5894b916574ac2450e017f055d2f0625ba80ce5669be0bd09f9fcd470cbe43512370babe74d6a28962

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
836189a9e74ded5aa34d05144153850a

SHA1
89af07a3380cd29a1f17b4847fc5c0a957e710f0

SHA256
6f7bc9732a0c3f434c628f726c3499d918423e488d8dff8e480008170665cd0e

SHA512
53d2918d1fd40febd06bfa36a1caac361fc25061adfb2779c22a6a88ef0135a05af537d52a887ccebfca132681e729d4465d351a3d74d18ad65eae0cfdf7d213

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
9d0575fa4ff12e889b96dd4ea7b158b5

SHA1
007ec00a694f106c999375b5722fc9ccdfc05ae6

SHA256
4e7ae856b8d864c6f3062421b6efcd22a09255aca59a2d50a627fc0b84eba9c2

SHA512
d52bc1d90de286a3faefa9be5ad3f88ce2f559b20b1abefaeb8ed009a1982b5e649f0211cfee1373d2ef4cabf6a327e32d1a40be81725e22786b296e3fb04cae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
dae0728ad2e70eec3a9f31f8c6a73bad

SHA1
e803523c7503be95aaf025deb8b56234bd87e3ff

SHA256
25babfab59ad46cbe58548250287f0aaf34cac7ec01dbffa97a151259f4dc875

SHA512
61b825eaff19cfa40ba18e3e93f8a23085d1856e66491b8574287f059f64e8811688ac8919d24f6dd486feefe05dca1d3bcd4f0a63aac3987af94a309adeb1fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
157d4bab20e6ae5c42d71f02042f4419

SHA1
fd9eed05295d9a2596819fa2517823564a03f533

SHA256
c58bcbc2ed954abfb516c8d92318a64a5d296535078ae7b4f853109421ae92ed

SHA512
cd95829889fcf6cb5ec424b9d7bfa90e4c9cab541c6d9a33dc12b3af449c1d540a63caeb653fd8cef4adcfee24da65cd4e4ab089605df0e125699831e9cf5990

Download Submit
C:\Users\Admin\Downloads\MEMZ-Clean--main.zip

Filesize
13KB

MD5
d51a7bacf19619a9efd6b1ca7af0583e

SHA1
3334824ff88a45986c14b6a6f70830b11d8a0bde

SHA256
aa50e181f9bbd3ed0e64f341224741add45700dd5acbd329c44c94ceb9fbc27e

SHA512
06a418041519dfdadc0afa60fbb355997c9113b0a8a1dd709be321738df63dcc8a2d8b94f9867ac66b9262b0724f3d084913c912ce61ad546f6d11d64267d9ef

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip

Filesize
12KB

MD5
8ce8fc61248ec439225bdd3a71ad4be9

SHA1
881d4c3f400b74fdde172df440a2eddb22eb90f6

SHA256
15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5

SHA512
fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 433458.crdownload

Filesize
49.8MB

MD5
65259c11e1ff8d040f9ec58524a47f02

SHA1
2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd

SHA256
755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42

SHA512
37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d

Download Submit
C:\Users\Admin\Downloads\aadaca5f-b431-4b0f-9b4a-0b81c6d97aa8.tmp

Filesize
128KB

MD5
e857bafdfcb6e2123142df704188e43d

SHA1
8693dde37a4d22adff6967a970aea91b25b8ce25

SHA256
73b42afe7182aac00304a4ebb1492f9e68ee5ccb007eeabe812c024dd7334905

SHA512
94428d753593d634594dcbc38f71f35abc5c38dc866a356b6c5c71962837afe83ce5ba4fbc8ecba69a8bfd024290d5b5945b464c6ffb7356198c636c763b2b55

Download Submit
memory/4768-2326-0x00007FF887870000-0x00007FF888920000-memory.dmp

Filesize
16.7MB

Download
memory/4768-2323-0x00007FF89B180000-0x00007FF89B19D000-memory.dmp

Filesize
116KB

Download
memory/4768-2317-0x00007FF889400000-0x00007FF8896B6000-memory.dmp

Filesize
2.7MB

Download
memory/4768-2325-0x00007FF892760000-0x00007FF89296B000-memory.dmp

Filesize
2.0MB

Download
memory/4768-2324-0x00007FF89B160000-0x00007FF89B171000-memory.dmp

Filesize
68KB

Download
memory/4768-2315-0x00007FF7FA320000-0x00007FF7FA418000-memory.dmp

Filesize
992KB

Download
memory/4768-2316-0x00007FF89D7F0000-0x00007FF89D824000-memory.dmp

Filesize
208KB

Download
memory/4768-2322-0x00007FF89C220000-0x00007FF89C231000-memory.dmp

Filesize
68KB

Download
memory/4768-2321-0x00007FF89C240000-0x00007FF89C257000-memory.dmp

Filesize
92KB

Download
memory/4768-2320-0x00007FF89DE60000-0x00007FF89DE71000-memory.dmp

Filesize
68KB

Download
memory/4768-2319-0x00007FF8A02B0000-0x00007FF8A02C7000-memory.dmp

Filesize
92KB

Download
memory/4768-2318-0x00007FF8A14D0000-0x00007FF8A14E8000-memory.dmp

Filesize
96KB

Download
memory/4768-2332-0x00007FF893540000-0x00007FF893551000-memory.dmp

Filesize
68KB

Download
memory/4768-2331-0x00007FF893560000-0x00007FF893571000-memory.dmp

Filesize
68KB

Download
memory/4768-2330-0x00007FF898830000-0x00007FF898841000-memory.dmp

Filesize
68KB

Download
memory/4768-2329-0x00007FF89AD30000-0x00007FF89AD48000-memory.dmp

Filesize
96KB

Download
memory/4768-2328-0x00007FF898EE0000-0x00007FF898F01000-memory.dmp

Filesize
132KB

Download
memory/4768-2327-0x00007FF89B0E0000-0x00007FF89B121000-memory.dmp

Filesize
260KB

Download
memory/4768-2782-0x00007FF887870000-0x00007FF888920000-memory.dmp

Filesize
16.7MB

Download