hxxps://cdn[.]discordapp[.]com/attachments/1269199696426176552/1270787861007827015/BootstrapperV1[.]151[.]exe?ex=66ba3eec&is=66b8ed6c&hm=6119ccbd5e768634ddf56a74d01af05e596e7f02313706ac9af5f9bdfa608c98&

Analysis

max time kernel
149s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-08-2024 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1269199696426176552/1270787861007827015/BootstrapperV1.151.exe?ex=66ba3eec&is=66b8ed6c&hm=6119ccbd5e768634ddf56a74d01af05e596e7f02313706ac9af5f9bdfa608c98&

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678933586701938"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 409857.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
3788	identity_helper.exe
3788	identity_helper.exe
6060	chrome.exe
6060	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe
Token: SeShutdownPrivilege	6060	chrome.exe
Token: SeCreatePagefilePrivilege	6060	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe
6060	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 980 wrote to memory of 1648	980	msedge.exe	83
PID 980 wrote to memory of 1648	980	msedge.exe	83
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 4056	980	msedge.exe	84
PID 980 wrote to memory of 1272	980	msedge.exe	85
PID 980 wrote to memory of 1272	980	msedge.exe	85
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86
PID 980 wrote to memory of 5080	980	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1269199696426176552/1270787861007827015/BootstrapperV1.151.exe?ex=66ba3eec&is=66b8ed6c&hm=6119ccbd5e768634ddf56a74d01af05e596e7f02313706ac9af5f9bdfa608c98&
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae86e46f8,0x7ffae86e4708,0x7ffae86e4718
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16359071331936159603,15224277956427716325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffad8f8cc40,0x7ffad8f8cc4c,0x7ffad8f8cc58
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,3742676559877786258,8501254174541919349,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,3742676559877786258,8501254174541919349,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,3742676559877786258,8501254174541919349,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,3742676559877786258,8501254174541919349,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3416,i,3742676559877786258,8501254174541919349,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,3742676559877786258,8501254174541919349,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,3742676559877786258,8501254174541919349,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4776,i,3742676559877786258,8501254174541919349,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4864,i,3742676559877786258,8501254174541919349,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3280

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4708

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
06f244977959de01255d0ebe5f000531

SHA1
9899be564134ddb29c8596ecf340c6965cd107fc

SHA256
2f3c5095d974a3ffbf79d360b6fae872bf40eb0ccd0c0173aba0f9d151f160cb

SHA512
3ac03974464f0627ecae6f7e9c6724a5bc70319ab10cbfcd1573a1e8e4bd9cc68efe3668343580d75339eb69b0271db17ce8e5b3881ab484816c56e34313100e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
268d7e878bd56762fd022750d9ef5371

SHA1
cfa29ffab30f66aebac1db16bd5c6cfacf593e73

SHA256
835099ab0a9ae03415cf28e216aebcbaadf6b7b94a11f0ddcb9ba3d56ba8359d

SHA512
2774968a1067fa5cb242f823293955c6eac42b53b7515207924864114a1c25cbeeb19b48992c5174f16f3ee9799255e1c117fd542bec25e16ef262e8c436ee8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d3543cbf4d8f640f557f8ee180b8a886

SHA1
bd3b88587c8eae1c9c335729f4e8c5b9eba789b5

SHA256
4829dcf36bc5c8029baaeef6e8610f3799aa982cb2c71889aa84204fb0440679

SHA512
195e1e8e56680d8bcca8bc49992ad8ec15a4fda297800773ed6e1c8b8f7ced7ae6dd60a25b5e515075113c1761e5c899bf8a63d41782b9c6c46264fcb1a6aa41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
29ba607ded3ef0a3138fd7fed7ae4d59

SHA1
b2d5e397b97f9641e1761499d15bc2aaaca02a5e

SHA256
94f3d9eb18e8b7f8e87c0c48a7aee75d3e8ec4735e029686497f50e347c5c096

SHA512
6a345a2d0ac4f14bd481da95d7e5db5b15f5483a34f5d9840c764b3fccec52831b2c14f1826e9212d2db4d17ca9fd816490e9116eb2d418ab17c11a1ec01caf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb01cfdd71ea110d6c0c3080b711a108

SHA1
c70f033e515ec73bf60c181c3183a9d4feb6dba1

SHA256
66deb727e681024229fd76738d737a9fb65333238e54f4f3743f900f08499adc

SHA512
e565095f7661717dee3f65412712f1d390fc0864f7fbc575a697de4434aaeeece86ae22841ad8258cb2aaae2a05f669e07a37edc3659daf6a25e047456695cdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce9d63f855cba05f49e2a312e066f765

SHA1
7e33bd66e02a0090c99491f0ddc624611ca25463

SHA256
cd455f004ad3933b3e8ee32cc82d5508d728427e7d8ed7a095246122baa8d1f6

SHA512
07317c10db35049d9abc621a57d19000b97532fb039e6cef550ff1525163c52c430b280d370d183c5ea7da34922c6c4ff93281003da2d8e3902068283e908ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c4f187692fa08e66c86655c2a225911b

SHA1
297b38718b430e15cf8bfab935a9c8bc39d32fb4

SHA256
47d8f4562798b58c0758d1b0a6e9f840b06651b60cf2ac193f1da7adcc811537

SHA512
08bd38dd72dc3f08f53257aed4935bf95ca994e646fb9896bcfa8e7980d71aef076126afa394d040abc4281b381529927281734d27ed570876f85e8a97dc1e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
b67d97345bd26cb262c322ba96ce29cc

SHA1
0da914aa650bc851a59bb4f3976db513a6b6845a

SHA256
e8fbd7d047bdac4cbf025c03d24e09ffec66028688a53cd109ba2bc73be793f5

SHA512
2897ab0a5fa4485d5b2d441444106a630fd07f87d32e94843d5da190aaf65b32110868948b1be94b3f191c60e0137a309d0245ade94569d3cac42a781c448f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
0c7eab279c9b4dc714eb9c8748ade5fe

SHA1
0e94cdcb9ffa07e76039c499cdbd6e284e39b7a4

SHA256
8a7729a4c9d6dbc669731ba601d6726c16b0214280b22f398cfbeb6e90549cfa

SHA512
49295e23e265717df73b39c2fa2b3221f5e7d9be7c5ca8257cb119748752a2a146c176f8c6954199ca85e5e25459a1297eb45f49659b141966e39bc75b7a9b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
693B

MD5
adfef08ac6812751966d13b3f50e8cb1

SHA1
bea9a90da60ae0b10d7d36d0b311dd33d88fad50

SHA256
d58d0739be02259fa7c51586f90afecacef21ee3d4ec778f7a174b1a517aa29a

SHA512
77f9223826802603dc42f0e5749d2ce5f61bfecc6662cea66adcc430e6a4cf879ca70d5ee13e4d51232a7a46d23493194270eb3b194d3cc86b7abb0d250a0a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59f3964795ebd69b061fc2d84fe561a6

SHA1
4ecf3019df1e3f15b44d6c3d0a93f15b2ad015dd

SHA256
9c28301763371a2d3464a61d0d8be0c100928df5068fa877d219d79ba1836ced

SHA512
698b97fc67066dc230e4c8fa3518d5eb578eb162daaf5fc0dbeeec86c511b590dc060269226475f652af6c5b46e97898525158e7adfbe8abea4dc539321cce6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd3d00008f75fb0f50b51817e4959ac3

SHA1
45d0dd2d75b8e910113a7acd84cf8be4291e29d5

SHA256
707dfe12115a0145c0517c3a7d5b2a76ba08743581985e07af87ac25dd2060f8

SHA512
949ca0e39e900562c46dd2db65b50692fb848a48b7111d2d1881f81b8967824d1b6b64d4940afbaad01912a343a60e57f662ba263ee708ac4f1e9955e6bd5145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c7776f7a844d1c42ad2fd1cc65a497ef

SHA1
1342c1d8e39a91f8a7cba5f7b2e9b4528e5f345d

SHA256
49f0003170a712d0de01a3364d6e5095cddf8f60621b219b78e193b86581acad

SHA512
5211944b8ceaa8c021cafded099ff1851ce861174247060d8457b8f545f4c237436068b99d678fb10ff23434b5a3c8b6853453567158a7e5dc31556ea06a1b9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eba51755aa6eae76c7fd071f96999a73

SHA1
cc6a532b572de9adb4a953dbb67822624c4b7411

SHA256
a18dec13dff065b7bd8c5f22ee49ce7fe2e9f18bb76aaf7adb4d61be11fa9905

SHA512
b81864cb6f9a409dfba9720fa81f38a2a658dfdab2a9f660c0e8aeec650bcf322ec09093f1934eff53fec207f953096e08ff61461bf65f3f5a6d0e8ab7e10168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ed4462e9286a8ceaae8c4a16c50c28f

SHA1
ffdd4cda5539dac99cb35cfd6118fb0c2977b03a

SHA256
1d82c03717804d762643df9aadc84e7868068cbc7f6e00c49dc68386ef9e2b05

SHA512
392a9ab7bd67573f85bf81a9b41d9af1c334d187e335d2df76e3aac0a044aaefa18bfd0a60693f5b1fc1e794431dbcfc4c7d1d62538ec030b5e2509bb800ae6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5adc76a5b23c8a1fb89b5141ad74557a

SHA1
93fc1e2d63a838a8c8b9c7eae8c64694cde01273

SHA256
d1cbd5b46cf277c45280008d5773dfeb0de9af119b58d22cec23852d563a0c9b

SHA512
76798de9566acefc5aab8502e0979dd16d7a882a0f634958fb843de482c8db537601b0d33ac8e9926045f2b33935da937ceb0073e02178f369c69fa0c0a5c9e9

Download Submit
C:\Users\Admin\Desktop\ClearSubmit.xml

Filesize
354KB

MD5
260d230f199efeaab9691585a56b4f26

SHA1
8bd94f956345cf7d6e7eed6c953a5a069246e9b4

SHA256
410f80a177987a1d818cb0fb8aaa3bd60a76b98b3d8c9c58f8e598227bc7734a

SHA512
bf7f61b170b24d9684e7901d7e9a56d23d44dd2cbdac939bb0d144708a7503b8480bcd7d7f114dc39d433b708be42d57b20b3bd61118942a69c8a7bd91e142fc

Download Submit
C:\Users\Admin\Desktop\ClearWatch.ADTS

Filesize
529KB

MD5
2c296692db2170b1911f9002acddc267

SHA1
82695cf4023eadc9be6b40e96f0c1f62368a3749

SHA256
7323be85d07e4dff378af909746fc8d95c18f3c6d143037c5753a17032fb08c5

SHA512
17505bf28a084a489b92de63065a124226d437a4a00ad9544d437e214a9d7e852f54efbf7ded27428c591774dd6ece566527768ae3206f268f06c2a7aac2412a

Download Submit
C:\Users\Admin\Desktop\CloseConvertTo.jpg

Filesize
515KB

MD5
88342923075159a3d3198eef84e334e9

SHA1
9f2a181e488481f28b9710ec61a604783f89ead0

SHA256
96e1c6a5d389e46ae4b708a6357e3c97bb36467fb029002cbb03f3d4d6354bf7

SHA512
a4793a5c1a9e418387a5bd5879c4e27009b05fe93f25e3c50d2c5466e01f9881b6d92bba8bce6c7d156397c8e9240aa3a1c5a7686f57599a70a6d2321b8f3c2e

Download Submit
C:\Users\Admin\Desktop\CompressComplete.ico

Filesize
381KB

MD5
2d025d221c5fbd43e1a469e8fcb5e4ef

SHA1
795b5767f06e4187773cdad159b97ade6048d504

SHA256
55efeb4378de3a6fce90087cccbb0da26901e5b347a59c11bc1008c3a70c67cc

SHA512
dd2e4e3ceef68838027812dc611b4669f5ad320bbf878c94e3653a6e282b6d1ed18f22a4638f2741378d9cbf8d73d2cafbb2347df4555bd8d7c252c6c0c7e6d8

Download Submit
C:\Users\Admin\Desktop\CompressUse.xlsb

Filesize
274KB

MD5
805366c87b3e008af8b21cd881375ec6

SHA1
f1cf2de8ee0a1f98a1d0f6bf47237714c4473e28

SHA256
b811f985b04d022e75531a355cbd0396266a3a8800b60670aeeb09fe992fbebd

SHA512
e48d91fb302c0cc56c6c658bdadecf91dba03ac086aa8aeb949cf205f9e1b3ee2c05fc1459c269ae15eadf54e404a5d5e7bc1a104f8f48dadaad5c9e5bae8a81

Download Submit
C:\Users\Admin\Desktop\ConfirmStart.xlsx

Filesize
13KB

MD5
99b376c241165146794e41b2f35d4f2f

SHA1
c7375ebce753559f5c0edb4ab5ae6739b214d15a

SHA256
b188a89139eb9394a11895eb7ce07112be41c10a00b330efaf18ca080fcade40

SHA512
a15397f1d400a85f42e1d3c2d786bf0eeaf9bab6e87e10896857ee059c91621c6b00914a79d74d78a5d84f696fe449a2a661aee21af2741e7224393a0ca46cd9

Download Submit
C:\Users\Admin\Desktop\ConnectUndo.xlsx

Filesize
12KB

MD5
c6b125bfbb2cf11ebff5b7432e0d5c6c

SHA1
63fc5766b58006ff8c1f377e6dda0bc28bce929f

SHA256
a1b389ab725bca01f84144980e6521a35b85ef727d637e92bcc46e6a859cf245

SHA512
cf715fb5d141646c67b8e39fd6e66f3e744baff422e92144a929fb612c242adb06bcf4e4a9a83fd4ca1c0496e4a74c492f40448d104299bbb1530fb37400155a

Download Submit
C:\Users\Admin\Desktop\ConvertSuspend.DVR

Filesize
314KB

MD5
2249ea813929c9c55f610caff6544345

SHA1
5eebb5fc59fdf78a9b5a9a8bb8bce8196611a351

SHA256
aab99c6153d9428388e669b46e5325348068fb1bdea91e09570923e318a7b674

SHA512
7c1500c921ee6b4377ce051939845de2dbe761daf222320c252fac959bc704fe66d5ba1faed1fb4eff5343a0ac85dc8eec7a7f39afc67ab1e9b7c41da01232c4

Download Submit
C:\Users\Admin\Desktop\CopyCompare.wma

Filesize
368KB

MD5
e41e87ee7df250861aee739f56b889ec

SHA1
d4618c37f18cfc33ab7452901d0d7230e61ba736

SHA256
7d501f708c14619470bf54d77c85f62297bdc82528f486c66d24075f56fc6480

SHA512
9fc391e753b7429478b4cfba0ae2e00e534b9460d39e7c7216fa6ea313e9a91433ee4343b0642e4037a7c0613b10bde1c944e7f9658c896d2333a859e080049c

Download Submit
C:\Users\Admin\Desktop\ExpandFormat.ods

Filesize
763KB

MD5
bddd0c6287159d7ce0c83115ffdf96b7

SHA1
2b910dfb02796a4d751cc6f8fccf9de8cf7a0648

SHA256
414a4302d3674414310ec6ebcea46a0c8752986af7de3aefdc769204a4055bd6

SHA512
6f4f11a98eadd5528d522668b2a56f4659313e38c5b00fe57b1d8cc47a9db8537ad65e201f806294f9a2418cd0d83b3df18f31789b39f80b0621ce4e2c5787fa

Download Submit
C:\Users\Admin\Desktop\ExportOut.m4a

Filesize
234KB

MD5
6bb9dabb086c1614876e44719b59524e

SHA1
8cae076e3194f14f3e2d1bf3b0d1a57d802e608b

SHA256
6fc98e91738062ae0605a82eba78f989ab840570d082d73fe20d6bbe90d61bf1

SHA512
9ec1f2aa4d55fc2497fee882ef0f0805e6a5c321ed8f82b602fca0cf97fda6abb63c687f85405a441be4d9781b276179c863d5d597b52c71ff4609664404595d

Download Submit
C:\Users\Admin\Desktop\ExportShow.xlsx

Filesize
11KB

MD5
7f4c43818eb5976effb2da96ca87f44e

SHA1
f35f44b94fb3e426d9f2ecce802babf84ea035d8

SHA256
a77850ee04523a94b1e45184bfbdccb221cca7e1d7b29d77a9a0a2547e438f8d

SHA512
08e2b82c3de3c60c3b106570582dd1cb4840d3ca611fe395f284a20ef7fedc7bec1595723ee8ddf0f933290418233060109e4e3c1f1e87f4788d9686555a1f6e

Download Submit
C:\Users\Admin\Desktop\InvokeDebug.m4v

Filesize
207KB

MD5
7681cd27212e123f27afe957b5113054

SHA1
9fd467db0eaeaac44523b105e8e43b1a837222de

SHA256
82ef2685bf2a36b9944c24b79401f40d5e8baa7e13605cba198de62cd02678c1

SHA512
835f64cd38bf75716206de8566d0f4eabfa65df0bea1246f2c702aaed16ef1911b3072f47eef88e3bb490dcb94995242ae206e0a18cb8f1c714efc2c340ec271

Download Submit
C:\Users\Admin\Desktop\JoinImport.wmv

Filesize
301KB

MD5
efc02958f0c27bd900d01f24dd4bf732

SHA1
913d15e8369f12308fb32f08217451845a09a9e8

SHA256
ead557313a79b9a7cdb15b143b792adbd0126819ce45a201bf15f4d743d59a57

SHA512
bc52e74021994c78ed0c473411da0860a14fd88b4c73f70194cbe3da085cee72ee6d1a056e7da3f3f751cd94ac80f0080ddf5c0a4201be362dee1868fdab913d

Download Submit
C:\Users\Admin\Desktop\MergeReceive.vst

Filesize
328KB

MD5
5f0fc92962be658b852b59219e8f0ca1

SHA1
63d24a390200d436fcc2e60c1962f9f9210c88cd

SHA256
1c2c9ec3468a986832dc8797490091245eeadd091ec39915c13148d64afa4408

SHA512
2791fd194fc98e6ea16a76fb9b64edb5ba8d7b7efa8b9bfeeaf54404c2ffd83aadc2535980001546834a0459f265252df909a8e820f644feca74dfdb8d001e01

Download Submit
C:\Users\Admin\Desktop\ProtectGroup.xlsx

Filesize
11KB

MD5
e1babbf911d0ec0b135b9d65619d61b7

SHA1
9e839d73fcf9c1a172b6b3a4aa0136da9e172190

SHA256
f02830ff1f21e972d5cde3f5108603c6bdcef75ecea57070b043cc33fe0f6a8c

SHA512
379a34485be2eb8bd4c0659f6bed0b86e71048c742cde6e54d03a8d831f71d004dded6edebf456a52a9eb7a199f174bcb597e08b2e135022122123edf7474653

Download Submit
C:\Users\Admin\Desktop\RegisterPublish.bat

Filesize
341KB

MD5
11d1948079582f11b6f8e1ff756b0d08

SHA1
ac8b9c249f3df5870cd946b9636e6cf789dfe131

SHA256
60e3bbf3f30d23d069530a6eae1c1859693c032cd2777821583d39424685158d

SHA512
f5b61ae459a6d99dfe1a53056406a46d6cd7da587f144b4a7165b1372abb74745da12b8e6a7a04ecea9962389b63f4da284d5faf7214fa4f9b6ff23461836cfe

Download Submit
C:\Users\Admin\Desktop\RequestUpdate.aiff

Filesize
194KB

MD5
08a9d2d26d3867ff090eb09255337be7

SHA1
b4916b8d26a02079c2ee010d98a38cd00021589e

SHA256
07c3c7e7d30c400e734f143beb2343cc076d8c142467cb725d06931a1e42de11

SHA512
02176bceb7bccca2d322d84ecc41afe9136e0b0d247f650bad408acb7b2b1f34615fa1028335f9eb6bc69e3e4e28dd8786f2867cab452b9453b66e9330e58b3e

Download Submit
C:\Users\Admin\Desktop\ResetOptimize.sql

Filesize
488KB

MD5
b4ff1d7863cd1f108020edfef99c9c27

SHA1
1643c4f424184511b31da9e95613fc24570be9dc

SHA256
ee84195a9442edb3157c34f2ac016daa3acc1dfe4264778d5565d27310cccaf6

SHA512
6c812becc2e5c3adde948bdbde9be8805d5cbcb7a8e8bb76693c1b9da73d4b7807501a36e3cceddcb7a7497c88113e65b9f5df0caa4e7e231ac950548aea1945

Download Submit
C:\Users\Admin\Desktop\ResizeNew.docx

Filesize
19KB

MD5
42bc18a46004f892411ca210538f2688

SHA1
2b38ec9017b579eb324364404681e51689bb6c1c

SHA256
57ff258a004b7c9a638b9b1d00160bc38bfb397a18524b165773e4f378ea3c25

SHA512
9a97acbd00f6c82d61cfcfbf4856bc8263dfa33122f0f21f13c33ae68f1f6f7b968cdae1a3e8dad60526ad1c3ee6ab2047ba9a7075e03286b49fcd251fd47ee1

Download Submit
C:\Users\Admin\Desktop\RestoreRevoke.xlsx

Filesize
12KB

MD5
66aa6770855d0e5e08d026c18b0267fe

SHA1
91c475bfe7feddc4e991b2d7261711b6a369489b

SHA256
70687876e92604e146a2b5467cf19e2475df5f874ee51ca8993790ade582c0a3

SHA512
0852d2c81dc2111f91923be8fe78ff1c68297a458558957b1e316b6c4c2caa02112c165e824dcc45158ae90d7f7ea07328cb2dc76d3a3bfba24b83c524e4fbda

Download Submit
C:\Users\Admin\Desktop\RestoreSuspend.clr

Filesize
287KB

MD5
e93668c4960cef3135b70358439a8521

SHA1
aacb6cc825039d56c531d56afedec22c1f645de7

SHA256
fa292300112d9faf4c83dd31295a572c6145a5e36b3cf111169690c6e90ea78d

SHA512
3da515a2070cb7b81afcfc07f5086615af688cca3eade33ac55122d86cc6cdec5730f937eacccd2d7f10b6e5ca780ab9808e0b80e05a7ee80c9709ff294aec63

Download Submit
C:\Users\Admin\Desktop\ResumeDisconnect.M2V

Filesize
247KB

MD5
227b169d9a3e8e752be550ed1488579f

SHA1
60cdc98fc0357ad7cdb1d2836f6de8f9864add4f

SHA256
94247841f96949824fe67060030cdcb74999b937b41ee678fb73dec8a45911e5

SHA512
1ff104cc8bcd3d99d82e428665f1ba6360ea3c8dabfaeae4163798ade9c02ac8733b371cfc8c324988e57d6ff855cdd33dd782813230c2f3349f4ef70e45427d

Download Submit
C:\Users\Admin\Desktop\ResumeOpen.mpe

Filesize
261KB

MD5
573f88850210ef8e013a42fd184d31c9

SHA1
97d44913b1283f10c84e01245bfe2abf09a686c8

SHA256
8e393ec0efad0e1f27cf7832a6543299c7caa38d159b90781cc6c83b3edd7761

SHA512
e2edd38bb4b1a1e835d328516eafa4eda7cd197e3b23be13ea575b8091fd7432c0993dd6bd351baf5785f9c0fac3dce882868f50903f1e656cf44cc515f33c5d

Download Submit
C:\Users\Admin\Desktop\SelectDismount.ppt

Filesize
462KB

MD5
ac223413c26a3199023af2406203f073

SHA1
c4bfee1ada82acca06ca8ee30a811c5be374fc73

SHA256
ac7796f99e0d2245d8277139d3104d25417e47f35fdf1c7620a94e40f7223f78

SHA512
5fe367a7cffb000dc99c9adbc54aa17960cba022b9aada5fc463eeeadd1fc7be0d758f9cc948d48dc214ef90ebe644c4c5d54ccb3c18b90710c45af0931f3458

Download Submit
C:\Users\Admin\Desktop\StepBackup.odp

Filesize
435KB

MD5
ce74304f94ae45fd35e0e45e46eb349b

SHA1
81c39fb6de6991a6ebf57694242d4b8fb1312b9c

SHA256
aa4a725a2c477e73b07787745431673f7cc15ec2f80d97d6e649e9dd127484a7

SHA512
1881359b912678f2f0d89e346c3a17ab59af32cbd058cfa6ed56b951fbfb2ef5e13b4a4526b287aa377d0ab986e5764b4e2e5698fed6097ed66b771dc4934426

Download Submit
C:\Users\Admin\Desktop\StopDismount.au

Filesize
448KB

MD5
12d9e3863e83d7175ebf03839ae67272

SHA1
f7f096fe2ca8d6eea09ff88946ad6cb9e31a628d

SHA256
479c4d9f7dcc0b5c812c2aafc70857134b6443d82cc0cb7fc679ccf74d7e5167

SHA512
ff2d962ef848205d9364715637d69a1ff1cb7bf7ecc2c1dae0f2f39fef60c3fc6743c1552551fca688e71da776869d1d013574673f0351729533dd042e8a892c

Download Submit
C:\Users\Admin\Desktop\StopRequest.mp4v

Filesize
408KB

MD5
7a18a7e4550a96c93e58fe7488c5f153

SHA1
c540ab243b3153c926cebdf3fc85bcf2397725b2

SHA256
fe465667d92358025ade7a5a74930179d162c8ccf533b54b09fa7667d179ae60

SHA512
b461edaf4130bdf03a1523abe608a72d8c6aa82d05f56c716583fe2616eea1e817223474e84d87fcb6852408bbe1d6fff8da0ec40ae2e33058602a256d6ecc7c

Download Submit
C:\Users\Admin\Desktop\TestPublish.gif

Filesize
502KB

MD5
3b516e851a097faa4deadf25f3f143c0

SHA1
1c9f3df9089d245f6416e5290082455548789b90

SHA256
b1a6cf20287aa1c5861d6c36ca1570f76f42b639cf87f224013226f4204fa524

SHA512
6d0f4d97269d4837758809bfa16498479f1e251463b701da73738df03052036d1da18eaa329f278aa0fbd2f427c927f4c1e4a3fd054d3c7006f20737c33c6c51

Download Submit
C:\Users\Admin\Desktop\TraceUse.mp3

Filesize
220KB

MD5
778d9bae257712026febf219721c46b9

SHA1
db00c36df084a85af618f75be5545dce9e35c0c6

SHA256
0b3fd130bf4d5b5eca7e5da23982c365c69c6ce81307edbf4e23b9dfd37d86d3

SHA512
891cfcb686db2b047850fd9075139a4798333887cbd48f1ec9cddc1da955f405e479c018bcc9ceb901d59c3e070660dd84aab4cc00be3d01d9ea762393373567

Download Submit
C:\Users\Admin\Desktop\UninstallPush.xps

Filesize
542KB

MD5
7047a30c550a6d3926e49a79b78889d0

SHA1
38917c8d7a08ab2534b16f97f1f6b09e4be9f5a0

SHA256
f08516a8a2ad5f324908dee87e71523309b5522383cbceed796fb29c5cf47655

SHA512
4a61ade4f92014adc871206215b411fbc475de53e20c338714ef5dcf4c39b0f60444ce300e6f4d4546833b32bc7b864fa6b101b40f69638543f864fbc73fa7f1

Download Submit
C:\Users\Admin\Desktop\UseBlock.dib

Filesize
555KB

MD5
3b78e2ad9852530a2f8bf46df63efb12

SHA1
a7118463688ccf576ee118b7282d18d674ca2ece

SHA256
98b1eedeaa2e9d218df30310d3d4f74b5eda69323cc164b5d8909eecc7d7e38b

SHA512
278603559dd7b61adf33c4f7c9b7090298ce3587c2c465af153fcc809192a041fbfc0c4494ae790cc396d2bfdcbc5f3e01ad66082eab1603b85489798ff99459

Download Submit
C:\Users\Admin\Desktop\UseInvoke.html

Filesize
421KB

MD5
aa16d045193a96e8a92c4bb0908b17b8

SHA1
db2e13411c9cc66d33af9f10eac715e137cd1814

SHA256
e7fb854fed85359096d39468919286bae82368ed8d8e398b40e25af230db3907

SHA512
b9f7e1bce7ae6abd87b7dcbee46fcbd23664838578811af4a60519c9b782537f1e9dcbaaed0f4b50c6212edbea8aef2382b8b209a1a3dbfc6783017d4cfe22be

Download Submit
C:\Users\Admin\Desktop\WatchRegister.M2T

Filesize
475KB

MD5
e2561910f7c78ddef909cd549c8f6312

SHA1
664340fb64b58f8e75ed8c14c6951d85c92e5df3

SHA256
69875f01c979a8fcdfb0a5f98c348723d56ae59c63552ea40b2de84b0428896b

SHA512
3be0d6755d9a47af56cebbd426f1adc27323adaaccbbd9f876350a8714e2269da9f8003a808b18f32079192667ec1035394ddb1efd8e511b110a8dc90c30e13a

Download Submit
C:\Users\Admin\Desktop\WatchUse.jpeg

Filesize
395KB

MD5
6230a9e49a11655ab3ea8dde548a4695

SHA1
342478aad93449a6bb056b04fe65e528ab3318b0

SHA256
fe232df3ec94fd7b9c5f5f27a5c820dc3569d5fc2eede51ce1bb684563e969fb

SHA512
3323d0a32ab58c9bfa37c1e34b9312ec37ebfcd81d8b8eb8fec1e689a2a5428a8709d5f7d5a55b85661aed9e5535c63bcacdd46f6913f3d4aef718f1234a4586

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 409857.crdownload

Filesize
796KB

MD5
653c07b9b5f1b22c84f72c03b0083d18

SHA1
54c25b876736011d016dc0ea06a1533365555cc4

SHA256
c9d04a3a87fee318ba65f837f40bd2dd2428f25e78bf271207f8b2b02aaa8a06

SHA512
b605773fc4fa244f354bb8f51621225e6482751d19bddf747f03f624581bc7ae896ca0e40be91b667aea7a7978a291497a362f9bd65449682e1948938af684f8

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
a311751a3815f2e021fdd8e427886d9f

SHA1
a32e2896c3ea288bf05e227f56e30674bb502c8a

SHA256
141a61e656be79ea28dd3de62bde3c07eaf76d409c857f24ddc8d19b3c093b78

SHA512
d87712e87602f6e3eacb5ed7f27565509090da8010ce727bb3dc42f49957e14844545c8119d161f4fdebf93ebb1f6ec84bf29b5515902ce7b9e707e2edef62e0

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
5d6cb28edc9fd5ebe52517bea3ccd7b0

SHA1
70b96a5cdbf212b15114965bd7c33ae159b93c26

SHA256
0545a4132ae2a9c0fb6950a59a33511cc5673e1a89a250e51df89f8130b380bf

SHA512
940495b644ddad0cdc9c9a7e7851a6d07fabd1fcd1e4f86b98b56ae0ac885a810c6b521e90cb07bd78d56e09055eb3322636db0a4e76d9aeec149b61ca3d0b9f

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
a07e506b2b524ff34025889d0dd56389

SHA1
642bcc78b0e1e7c13ca78fa1c96568ac861d3e21

SHA256
a3b0154c525bca29a06a0fa706fc70e844614a6d1e4f3eb2f96e31b00265f004

SHA512
1d2d4ad7a16d2803b27e6394617ac90809bc8f8bcb80df75cf3c1beed3aca4af5a97ad9e550a3c5c889471724673d2c22e2f50042b4af889f9292d974206bc2b

Download Submit
C:\Users\Public\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
c71989ca081f79ca6503f101e15a87cb

SHA1
129f26e3c50727afbc871ee99019cea4535c8a07

SHA256
924ecde7155fb1f5d83ee081316ff0fcc27091dfaa7675eb9171648554c49b90

SHA512
a64c61c0995cd2d0e9bc65cb3789e592ee742d7f93ad68b2d2c1057b6f15c69b491c717c3ba2814f81f5e19af4a24d883e56fa8147899c51d74b49b878fb03e8

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
40a924555fa1183aad1540619b066fab

SHA1
9e95c1f274983e9d75da18a8e1def3862f900a90

SHA256
34704fc5c835fe0958cc24cb2dbcc110ad41194de9b8d0d27e27b9213a6f8c2c

SHA512
b5418908e50af73bb95ac3c6a9f8d18ba8c4558637d1f39b98047778e417f8d9e01de8e717e1b7b63f50ea1fa9d82ca75830a34e92781393c0bb20a199be86f7

Download Submit