17b42c706e659819de51acb566965faa27818b8e631977016269ed332634e303

Analysis

max time kernel
1204s
max time network
1206s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/08/2024, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VMP.exe
Size

5.6MB
MD5

fb6d806671fd4868d1cefc9dda05af56
SHA1

a788d9616a586e97c78a5e3a3ce6dad5680fa94a
SHA256

17b42c706e659819de51acb566965faa27818b8e631977016269ed332634e303
SHA512

3d539fd8fce3be0b445d5cd9593f40598a0a89f749442f0789ee4c91d58e128694758b0f3e889d221a6e0c2bd6ace2b898783c62eee61d1228445f9bee693431
SSDEEP

49152:DOjPWPkJztQpz6i4aadnVdB0dFnK/oWNjRz333LWKC98v75tJm3gYJ20KSC1U56c:+zdBKFFWCB7vWGcRxbiU5rrYCrt9G

Score

6^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\VMP\VMP.app\desktop.ini	VMP.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
36	raw.githubusercontent.com
41	raw.githubusercontent.com

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Executes dropped EXE 6 IoCs

pid	Process
2968	VMP.exe
1340	VMPe.exe.new
1776	VMP.exe
2888	VMP.exe
2272	VMP Game Downloader.exe
5028	VMP.exe

Loads dropped DLL 14 IoCs

pid	Process
2272	VMP Game Downloader.exe
2272	VMP Game Downloader.exe
2272	VMP Game Downloader.exe
2272	VMP Game Downloader.exe
2272	VMP Game Downloader.exe
2272	VMP Game Downloader.exe
2272	VMP Game Downloader.exe
5028	VMP.exe
5028	VMP.exe
5028	VMP.exe
5028	VMP.exe
5028	VMP.exe
5028	VMP.exe
5028	VMP.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\VMP.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Control Panel\Colors	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Control Panel\Colors	VMP.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681325483262079"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = ffffffff	VMP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\NodeSlot = "6"	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	VMP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0 = 4e003100000000000e59af9210006461746100003a0009000400efbe0e59af920e59e2922e000000bdb20200000001000000000000000000000000000000004cbc006400610074006100000014000000	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\MRUListEx = ffffffff	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	VMP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\NodeSlot = "5"	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = ffffffff	VMP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\1 = 4a003100000000000e59af92100078363400380009000400efbe0e59af920e59af922e0000000fb30200000001000000000000000000000000000000561db800780036003400000012000000	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	VMP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\1	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	VMP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 86003100000000000e59ba9210004752414e44547e3100006e0009000400efbe0e59ad920e59ba922e000000b7b2020000000100000000000000000000000000000032d71a014700720061006e00640020005400680065006600740020004100750074006f0020005600200056004d0050002000450064006900740069006f006e00000018000000	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	VMP.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	VMP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	VMP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	VMP.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 42662.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\VMP.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 35 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
5020	msedge.exe
5020	msedge.exe
1096	msedge.exe
1096	msedge.exe
3488	identity_helper.exe
3488	identity_helper.exe
4640	msedge.exe
4640	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
3120	msedge.exe
3120	msedge.exe
2700	chrome.exe
2700	chrome.exe
2872	msedge.exe
2872	msedge.exe
4620	msedge.exe
4620	msedge.exe
2400	identity_helper.exe
2400	identity_helper.exe
3912	msedge.exe
3912	msedge.exe
3132	msedge.exe
3132	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2940	msedge.exe
2940	msedge.exe
4880	identity_helper.exe
4880	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3208	msinfo32.exe
2272	VMP Game Downloader.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2968	VMP.exe
2888	VMP.exe
408	MiniSearchHost.exe
2888	VMP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 4360	4680	chrome.exe	81
PID 4680 wrote to memory of 4360	4680	chrome.exe	81
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 4112	4680	chrome.exe	82
PID 4680 wrote to memory of 3412	4680	chrome.exe	83
PID 4680 wrote to memory of 3412	4680	chrome.exe	83
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84
PID 4680 wrote to memory of 1332	4680	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\VMP.exe
"C:\Users\Admin\AppData\Local\Temp\VMP.exe"
1⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9a29acc40,0x7ff9a29acc4c,0x7ff9a29acc58
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,13068394387857386156,9810994066889719374,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,13068394387857386156,9810994066889719374,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,13068394387857386156,9810994066889719374,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,13068394387857386156,9810994066889719374,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,13068394387857386156,9810994066889719374,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,13068394387857386156,9810994066889719374,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4316,i,13068394387857386156,9810994066889719374,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,13068394387857386156,9810994066889719374,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:4156

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4276

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3320

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\FindEnable.nfo"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ff9a23c3cb8,0x7ff9a23c3cc8,0x7ff9a23c3cd8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6440 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Users\Admin\Downloads\VMP.exe
  "C:\Users\Admin\Downloads\VMP.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Control Panel
  - Suspicious use of SetWindowsHookEx
  PID:2968
- - C:\Users\Admin\Downloads\VMPe.exe.new
    VMPe.exe.new -bootstrap "C:\Users\Admin\Downloads\VMP.exe"
    3⤵
    - Executes dropped EXE
    PID:1340
  - - C:\Users\Admin\Downloads\VMP.exe
      "C:\Users\Admin\Downloads\VMP.exe"
      4⤵
      Executes dropped EXE
      PID:1776
    - - C:\Users\Admin\AppData\Local\VMP\VMP.exe
        
        "C:\Users\Admin\AppData\Local\VMP\VMP.exe"
        5⤵
        Drops desktop.ini file(s)
        Executes dropped EXE
        Modifies Control Panel
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\VMP\VMP.app\bin\GameDownloader\VMP Game Downloader.exe
        
        "C:\Users\Admin\AppData\Local\VMP\VMP.app\bin\GameDownloader\VMP Game Downloader.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: GetForegroundWindowSpam
        
        PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15493622969406039712,10810040497416820301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a29acc40,0x7ff9a29acc4c,0x7ff9a29acc58
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,1851933702840735975,6978070223648125465,262144 --variations-seed-version=20240813-180206.149000 --mojo-platform-channel-handle=1760 /prefetch:2
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,1851933702840735975,6978070223648125465,262144 --variations-seed-version=20240813-180206.149000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,1851933702840735975,6978070223648125465,262144 --variations-seed-version=20240813-180206.149000 --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,1851933702840735975,6978070223648125465,262144 --variations-seed-version=20240813-180206.149000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,1851933702840735975,6978070223648125465,262144 --variations-seed-version=20240813-180206.149000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,1851933702840735975,6978070223648125465,262144 --variations-seed-version=20240813-180206.149000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4684,i,1851933702840735975,6978070223648125465,262144 --variations-seed-version=20240813-180206.149000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,1851933702840735975,6978070223648125465,262144 --variations-seed-version=20240813-180206.149000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,1851933702840735975,6978070223648125465,262144 --variations-seed-version=20240813-180206.149000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3760,i,1851933702840735975,6978070223648125465,262144 --variations-seed-version=20240813-180206.149000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:3672

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a23c3cb8,0x7ff9a23c3cc8,0x7ff9a23c3cd8
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,16211789906056709416,16101986200911746775,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,16211789906056709416,16101986200911746775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,16211789906056709416,16101986200911746775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,16211789906056709416,16101986200911746775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,16211789906056709416,16101986200911746775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,16211789906056709416,16101986200911746775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,16211789906056709416,16101986200911746775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,16211789906056709416,16101986200911746775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,16211789906056709416,16101986200911746775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,16211789906056709416,16101986200911746775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,16211789906056709416,16101986200911746775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,16211789906056709416,16101986200911746775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a23c3cb8,0x7ff9a23c3cc8,0x7ff9a23c3cd8
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13425443126055326818,11107019387872589381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:3960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4196

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:408

C:\Users\Admin\AppData\Local\VMP\VMP.exe
"C:\Users\Admin\AppData\Local\VMP\VMP.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
a79262f89d388f555cb943871550ff2c

SHA1
c3e1bc1afc3f4401a358ac079e7adc56087e9e8a

SHA256
5dfeb6413e81e0b127f6b04c960164441a5551ee6f797af190cc1552bb638a5e

SHA512
0eaf66040355a4f0e432f1753c58f5134c7f917088ba9d424625bc44ca6c6af1a58a012ca19c35b5365e9adf75194dbff5f254ecd5ed4ddb7c5b38f30f43b878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7bcf62155ff790174eb7d0bd933c377a

SHA1
f08f3142332cccbb197645a06a2be53556583b45

SHA256
3e4edede42ac4bbac1276ba6d12ce318ce1c583e6de3f30049f1110fa1d98779

SHA512
5205f8b027d8ab8bbfcf3d0c6b162c5c52d8e073d27e2a0765c82d31f849d43c5bffb00a5631eca30d63e92f481b8dfc18699151fd9977dcaf85b542143069c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9d195294-f5fb-42f4-b461-bfd52da092bf.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ca289939f3b8c25361e0ddbfe34a4d04

SHA1
0ccb8bd6dd15c513d7c003f33d683895a025e897

SHA256
ac3dc6709fef5a84632f9db1d396bd1d9152572c06257393629ad9610956b49c

SHA512
88fc61d88991c9ab61cedb9a40dbab68b2cf139b8885462da97e7ac98590b19c4085c86546f0822daf45c469f84d441a0e416d78ab57daea08e47b4db2de1f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
1bb8d60f8d78e7167314529e022160cf

SHA1
4238dacc31e49571ee94c03f7071b06c31cdc776

SHA256
0be9288b7ad6bc0ee299593d78b37b49f383bb3895ed19bee2f96ad88225084e

SHA512
0c98bf0ed278b122fc4136ec6d4442fd1b9b76b82a2298128a618b41a5add1b6b087ad01641d0b57b3e9cb0ccdebb4f32ce2e7bf07ba87e52375790855d6d69e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
abfa7b157ecdc10d836fc646588eeeea

SHA1
62bb4b80b7f3d15962b34fb216c017c71acea4ee

SHA256
6e8adae4aa5318fd4be725b8a3c1a2a3b49615063744a88f509f91503eef7eb3

SHA512
3ff0b97eaf2cdd9da71c0b37afe894d6d0e30aa0c3c0b4ba72d8f877cd718678d7e7885ce6a62ebe0f7036bb2f941f2ae477fff96b1630262b588050cd63c929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
af2d34786616ee3a0dabcf1c04a416ea

SHA1
74c8a5c331144a61c997416c8b0ebc99a8c13012

SHA256
f1f5afd60a65116cba31521c6ec7e761c543bda357a134dbb69e3ce934631902

SHA512
c5a8c6138d52fc7e461ab2d6ecff7398c0065f910e32f8c988b3a3ca54f24e0578951754262b7e619c3ac73ee1a166f206695c486f4a79393653500be5eeb7f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
087cb8b2114549075a38621da53c49e1

SHA1
fbcc63a2d35a811b9555800b24918ae762cf9370

SHA256
3e0277be0dcb2008cbb9679e8847e71ba70f37413d21baa408c1358e8ff39ddd

SHA512
2bfff950bbf8247371c62d6c7874dfc6668ebf8d54d8445c177c138ee0297470b8c25a67f6228d0d4442b6659bdd8913d8a721241aea2171ddaad7ae50b866c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
49ec60695a0115595902f299a10bf8ee

SHA1
3b57cd4bfae380a8a8d57cbce9ce28bef6d24c36

SHA256
1009954ef5d3a0570bf8aeddf5a7e82dbec5363fd2373757f1727190e9a58032

SHA512
d5e4582b6c92139a60c226f62b66d4a3aafe92fa8ceb41babda090328827093f5a13f203cf8cd65a1ca25339da988c4f3725fe0bb6d756cd35b52f0232aec899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d08cb43991fa8f114262ded26e1cd35b

SHA1
7756390564a43fb945e8b36c010150127721a96c

SHA256
8b9c8578c1a2c5518818330cde5bb252b17d16505fa42b18d7925bfc52c10637

SHA512
8eca15d181982633dde21f99c7d683c6f2e865f5f7f93a1ac8ef8047e4a035631b84e34f6e9071ed3017aca6d04606fc2f6a934b9fecac7aab5e33b940b99f9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c2f83e4897fbbdab3e621329cdba1624

SHA1
d49e0d7d254ba10492002eea317681ef8e39c48a

SHA256
e9784798387d750b212c903c1433f41e94a64a87b01ec34d9bd352c2a46ca9d4

SHA512
76d9374ce01809e3e8f232d50e5b349cd779320571d8018fd3bfdfab335e4db3d72a84dfb10828df345c972f841a221c19f693a3c2b06d16f6456ba7d5a5e535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
fcf01464c948d94a65466051d78c2445

SHA1
a8537c2b630d1735e14f3ce1404eb887073bfcd0

SHA256
87ccb2483ee31ed8e58b8fbd42db09a018c6167775019678cf9bef60fea80121

SHA512
214c6f4df49867c1a1a4086c0bf9384feb8f0d8dd29bce00f49cc111a502eb329c484e3062c87dbc60ab49201c6b47da154cf333eaddfdf59a746faad4a1375f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
cf4a8874aca94dc16dab98a087f93432

SHA1
0e13dfd78351611a29e4afe9b923926052eae27a

SHA256
42bbbc38799a22c79cc1ad8ab0479d33e00af028d37bdbd6f864c1c8ecc9fe71

SHA512
280791cd1e0b72aca988218e804dd6e23bf8ddcfb52fb70bd538a18931b0508afc31c42723e2f7ba2a8ded990fdd4c3e45814fa6dca5d6f6145f6d10ed32d122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
82bc4e93e0993cf49d1281f13aad549f

SHA1
d65b32817bfd122292a36833cfcd326bbae48194

SHA256
635dd8ffef3917f73259999f5d6e807f03396b13a583a4166df176fe0b09497f

SHA512
933c29469948afb9b2f1307c28411860984cabdf9f5c53366597596ed8229b233674667f9eb4dd2288e094c45c9a1a384bf36bb15ee2e4aa89358d40217c528a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1cdc5f622ffdaabce76a608b11153b0c

SHA1
fc3ae84e96f4727c39156c8a30ccd9eb8d93458f

SHA256
91319128cfb51843599ec80da19fdded58fbb1d1637383cb6d4cc3fd3fea211a

SHA512
909581f9cb32e3d5566e1f64b0eeb36d9ae1e24144f74d028dc37fe5e0fbccab1fa537b6477037f0274f57ff02b0bc6e2e0356262a118a72b07aecb3b132ddcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65a5191323fe50147e23029d78874a51

SHA1
d98552c78e6a447071d131b19b2b9a92b094b7e1

SHA256
24e53ed90831e86d54b6a8e4d40c8e1a4eb5ce18b4a9d7e2a150d6b075026ccf

SHA512
341a222f1c5ca4ac40d5e6223fcc9bc2d23942de0099dec3444bbc487372ff139ef335adc0a65ba9ff81895555192a56da1795c056dfab0c7f632cb37bbcc941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e708a83b6717ea2f57ab55c136b14565

SHA1
142efb2f853729d9e6d1c9f7be783aa81ef15840

SHA256
27c5b7153ab88dad014a0ec8a4e0beff1d0f3bc02539b7927a0cffe6f651425c

SHA512
27ff03371999328c8d399488d38f9def1d92569c819a6e5d7426fa3a24d7022df5461f8734ebcf2843af9a0ceaaf363da08ae58a699fd67e2980b1dcf88d88e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71295c023c621098cf5ad2cda8fd90b0

SHA1
594a1c4622468fe010ed2a86479257587ca3eb4d

SHA256
59cc80325925b137ec2e6586371207531a46b228feabceb119e75602007c1085

SHA512
404aaa630f87c5b8e1a3ef1509767ee8bf08f76a3700d9a97d58811f9b77be4af6ded9d636d031d393efa91f8ccc599cf024f633558de800644f8345220b3785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b17e5acdb4ef19f59c48f9c09b0a1edc

SHA1
950f6d9648611ac77594e1ffdfa4c39d1040de22

SHA256
a824327e39c50ff9d06068ce939c416cf94ffa22693fdaf0813d7bd26bc1c13d

SHA512
8167b1d2bcd4a1badbff5f1b3ea5164e4284797ccb4724f5ba12e372604929ae81568be3f6dd7c6ed372b6cb02fbeae9a099bf4000b47342918a48dd262da75b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
097cbfc5d5ad9306e2f7dd2deb48a0c8

SHA1
bf9da97243cf1be9411554a36685f8fbd2437919

SHA256
2af29518868aee84ea89142f9ac556c8d4a3e254720f25455a420da494876add

SHA512
6dd70a0bce08763ade37415bb6b2a44e5dda22003e3fcd4a3e71993868db0c74700bef304bd7729f105b65b1a4b9ae5f9f2cbc826ad0b0905acc2caa99f8b799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
90f72652f718ebf265635218c39f481a

SHA1
d1d47876ace103f0b901f68ebb51d7dcc5912ce2

SHA256
a59ef667ca6fa384b3a3e1d32cbf58f269c5df149d9130d76b3f520f90c81096

SHA512
86c8b731fbc4ea6512718300fbd4790f79490715067fa867642bb724ba8118666f5053dc0f68b26841e05819d3ebe9cab25dee013223731fb335b7c270124b37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
b9f333f110060027807e4fd30af5af79

SHA1
e308789dfe7ef3446eb52854835a980e53ad9f73

SHA256
67aae0f6273269b26e1a326abb5cde05b13f6bdadc483d16467e23e56285fb17

SHA512
1e491174eb1f4b31cb4fbee686682251f43941377f0a9a33f860b8fbc52605bc4cb9ac20f83854c2955357dedd2a147db38a238daac26bb905ba8744959fe96e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
ac767b3b050e187a5aac2f63ea3d3a47

SHA1
55038f560d1a5d2b7a3772eeac5813d9a8ff0450

SHA256
f71a183d2886741529af528f721e4efaf6c8ad9b5800925ad06a8c10e6fa2897

SHA512
028b49120488df3750159e111adafdaa77cf03da282cb18154c10ec86237a247298ec26def51d48ec0ea60a5ddd1fdc178805862350443686bc47975f4c48411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
c461c7b8132db01087104810159e3508

SHA1
aea27792b31cf5d4de779b4a1ae4d44fb12a514b

SHA256
db755e65f0c8bc7b4b14db8c208acf39c2eea4839516b836cfdb4c4ac96d491a

SHA512
314112c87ec390e1eaf71061c20e0f2ac90bd419aa980ae187839d322d6b3453306a69302d5e08a062a2aba025dd126b587a10ea36fab37cf640a4d5f8f3f745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
134ef8f1b3e12397960836a87776747c

SHA1
881f965a5e27df4433194e532a3303728ee1ca6c

SHA256
1e5370ca1b445740b9e7aab4ee31117959930269282d1fd15eed86920cb7bc70

SHA512
04f8b899ed2337013451dbd24d5b3689e5aa29623a794814112eee8daece30f3ea5045cf66aeb45779177feb7fd4a9223e276b11790fbf657d01b93536e2cb0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
2279f746eefb1319d44776a40717869d

SHA1
5f7448b5aeb7833b66fe6f929cfc1576ddcb355f

SHA256
efe0f90479eb89497b6e5b6ab98bc74e3678886e55bcce6c58254800678a78e7

SHA512
9b7127bb68e200fa9a8ffa0cf3a13a9b429b64497fa70fe6a88f0ddcca9825633a583ffaa6ac4c7d3c002b65b0723c4c66296dcfd8ca244d1c962a79a5480691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
7944b3d6ca62f97b0464be5eb5734ecc

SHA1
a6352827be0a9da182033c551bfcf6f2e3ed7e2b

SHA256
d09ee91a2c6d9b658ac5a7c1a04c3fbeb120999697ca400f23303b09ae25f028

SHA512
6c4256fa0c9b6c39139619f45df551cee851fda5b43031891c1bbbfb3af4af8fc0ae04c95ebab22e65dd6b28433e4b3945b86e93f3c4c67dbcf56d884e47e8ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
b939de48d60242da64563c75e3b1a1bd

SHA1
b11e7674724e18ac8c92c845a616d37f36270ff4

SHA256
b76b53556719427b65aab102a43a3a537f37ae7941c2ae8eae897bd287cc2040

SHA512
59945789070f288bf4900e165b0b1d64177d8bcb2a1aa40c65e1b1b66e1de285174d114558beb2c8be635f2e2662e5179f771cd6c90b6e3f04f01708ffdf1765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8df0335bf01cf60d16ad8213fca04f97

SHA1
a6fe5986753188bb951df57eb7b5592c0ef42c98

SHA256
242db22167115fb3e9ea02d5029555d2bbdf560163c3f4c754b262f1054672da

SHA512
87901faf23a5cb00798bd2a3c9dd14ac14d0246307d669910e8ab3a213c6a225a3af5ffd1b40215a5439b5ff77906871219ef4c52ebae6bf27b0a021b2142413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e10aaa599f9ef2394900c27f536ca7a5

SHA1
e2f184b1367bdaf043e4834551814d8266e1d682

SHA256
f580f3f88a78ae9235493d95f357d83f95054919aaab43d70496062a484e2c9f

SHA512
0a2b246ef1e34753a0e94c1f1cb1af078cbb22bd7ffebd0b6fe04b571f5b59c9763a5850f59a6a0366fc7dc1321e3432ebfd4d3daa97ae57c6d8e7398962b843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8bef02063028fba052cc03ab405d8bc4

SHA1
3be265f519a5fd6504a2f5466ad8a1ad4c1ae3aa

SHA256
b4e02fe79da38dbf7911f5fa1595e2421ce112cde38271d713b7f392a467648e

SHA512
eeaeb79ed108fdd1ee9ebf593bad2279c50acac24ad7e17a67a315080d49d445f966b1fde3cecd62563d4da2e601fc9afe80c06bde3fb90f30b394c8463e7492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9b3bafe7581faf25fb9bf9ff8f0b8585

SHA1
f8faaaad506938ced54d41e8ed7a78ae26a1275a

SHA256
57abba1f71c3a603339232f71f450cdd992f6a87e19082d709261924e9707ca1

SHA512
37d2e500c8442656525fd26238fa623a1570bdb852c2815c56b258fa029b17c324f4d20e1765d1eb4a5a41bdfc357c946e68f271a4debd64e7268f8cdbf79b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
842B

MD5
443c3ca27c2493a47472cd2bf907bf8c

SHA1
311d8110e86ce9790f9eaf1385a9b967faa0e855

SHA256
522a61982810e533c6674e03901b2c131db60de0e22c86c6a343bfc5f8c3d35e

SHA512
69470e88f56ba7e5bf35d8afbf5c9be3b8c53f907140a5c14af1f7cab5c22c933482e45892696913d9b157580b57b602608aebc704d64e08442873b6de8be8fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
842B

MD5
b7b8e326493f71fa24e9d889cf7b7a6f

SHA1
00e5a0c2e6febdeb58c5cb175716f5139037892d

SHA256
51fe497792da590b0284b86a969f8f2f412c992bbe2adac4832f18e1d87c0149

SHA512
4baeb45a602e5f731396278f0b29fc4a0fd4fb8f41ea51eac81baac3893fe21b15ecd758b930585be156ec38f02f7b044b71161c92489ed11b63a96140c0b16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
842B

MD5
01324fcefa1812f626e005c8202e7bbe

SHA1
a34590ed805d7c63038bff6b432f196942643051

SHA256
584b15d593de0db7b6c14da193a7ca2ba2a04322a58aa23fb8b7c0d8542f2fb8

SHA512
16f3ebc642243761461076b343f0778f234cd78c66107791a79e3958b935214d033dc0fc1652cc39ad728b9b85bdfd941ab41729d0a816a6ddd99e034b56f7ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f46adbfc00993c4638f9c0e20afe3682

SHA1
e9d5a8fa22298d1ea7934eead4beb06f1f189276

SHA256
29da88a26f39234928b3fa89e95b439c9beef79502f06381b8bfa1b258c34494

SHA512
008faf77fd84f8d035a2a1ee1d1fff9ec5c188a3799fc86a8975989f6f78e6f71790efeb00949b2ac5ac09b0adbc094473177ebaacaacf8d17f7cfa931b4ae0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7198394119a2767ecd53e441a1c549d9

SHA1
48144eafe5807405dd68abca68566b6dd61cdfbb

SHA256
c02df4f1f3688ccf30320d5f14a9a9e648e4dc94cfbca753281afb9f9a5dd41a

SHA512
ca64e06ff30d6b24422ceba1c0a93cee3e1a8fbebc7656c9f8378b3853ea1018a3c613b4561725bd7e92de88877e1d049f534c6eaa197c2a4fb2379fab927897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
33e9953025cef4e12c20d0e3589ca949

SHA1
480d1c6b205a6d6ce10942c38e7eb357a6511179

SHA256
8a43fb1a6e370bc347cd4625498b9d713ac4a9e005457620fdff072e7d4aa843

SHA512
16e94971b067d6ca6c3f0235133b9f5b28564afbe36310794244b354d0c7f45f8af303a28f4d537bb41c5f7664eb17f819123f7d72625bc7b5988265e5d6df97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0be8150247824618a4e36bf33052f871

SHA1
ba00c1ec2e7188ab7b821b5e2ae244fd0f669d0b

SHA256
2f1ccd8e856af6f281ceee5425e7c4d197768ad769f0805fb036199b934b7b05

SHA512
af34380f9977742380c1d72e5291d25427293fc2ffec67c933e7e9713a72a257623522302da32e1ecbd0347c833ee93fe66a155f5afcc3fcf796f82a4e01b682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
768f3c6fb325746838893fef280ab8ba

SHA1
8247cb098a8ff72e1b8853ffe1e2b6f9e3962a8c

SHA256
3a3bfa8f9a85af8f611496675c8e6833ea0756071b5b37e6f2feeb33fc1377a4

SHA512
3f2cf160e080b5d6607b05b479122f6f39c9ff061bdee738a18c8fe6605c5709dc83d61c82b8da8bbff83e17cfa10e189c9c34f9542498aa63f9163ce9d01d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9937fa4b8ae2c72e65ed94bbd483ca1a

SHA1
47272b795f56894d0dd52ddec67dbdb932704cab

SHA256
6632354740da892a402f26825970168d45e613019cad9b7f890c807e23d6acd3

SHA512
94b191ec5401bd475d26f3d7677afe8f8717299e9eca235755556670f377a9a12f7a6c98c6446b879c24bc85cc947939c534084f6b66c3a81197ca2709b1e80e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a18ab6ee7422813e931d00c2d53210ca

SHA1
2c2469748f952356561408f2c60457f114664787

SHA256
63fa37a734e83733de8777edc338c85f2c07e29ca580719f5f3694df3b5be4da

SHA512
938bdb9c3cc681b36f0ba39e0cbd758fda237f934484c64a068e1551f55adfbd6c445b31ed98844323c1784f135a63007e5cd91dfb958c609f468135b7064b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b915923686079d7364815604274a621

SHA1
35a47021641501f565da530397d4468f1d41cfe5

SHA256
7c03df82b72e9c029784c0c09277b91c93c682651a16bff6b129eff07245030d

SHA512
b520ab43e08ac7e4833365501500c804aad8de5e6d14111d3cd163589f38d2969a43077442661013643c86058fbe96444167cc940e2ae58016ed2913bb60f6f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1eabc62781fe0a63457555469df3a0e5

SHA1
6b4cf40445c515be9773e8495e0b41cef6244825

SHA256
01ab09cfebcfe0f5e7c9c2cc9ced0b61601e26a1a90244c1d122bf15ff888272

SHA512
73b43b9cbcd4fbc90fe1c2300fd8f987e2e8b634abc5be463f27a772b962acddaa9ebc66f9d553ac881d2f2dd262d08913764dc6be27d7f21083a17dd6c02629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
25ef84b44c74c7cb611eece9063a803e

SHA1
0caa0e2dd5ba25a29182886baf0cb49765f31b67

SHA256
a58be97403bcc834c0095a1878c97962e2c6c40ffb2f5f6a4032dda5f5a564cd

SHA512
3031e3e25e717ba7ad25422ca7af20dc1c84314c9c17ba813eae9e333579a3e702547e2d5eb9bc3278b9071ed1b0756f1633f5caf1ef00662d67d50f8b0c48f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad5161408d865b571450d15b0f92517f

SHA1
fe55dfb6e2ac08e41cbca37637e0463d1a397262

SHA256
c2999f7d1448b8be84a7bbfe94942873cf517ba8f421fba64e83220f6310cff8

SHA512
318101dfc417e9752b2006640d9385bb18ac8224de65b8dc88a0f93cb8953cf865baf62112b38f89817456688d21ec1e959d77e24d2dad8982f52e6f922a251a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
0e7a84ed59d0411449dd10b8845c76be

SHA1
77796fe174afc3988ea48239c8cdb968574d375e

SHA256
461ff45f81de5724bf1e2bbfe811894fe89d18e1fe67d24ef56e7602357dabb6

SHA512
543d5291f6e46df5ae1963bd232565fb834097877939a7175371ca701c53c934434dbec38110249bf02ea56d9df9a8507cec7758ea9e6845ec859667b27b12be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ad002c30347c4b45f0e8670ad6f6eeea

SHA1
f2d437ffd9ea8c5a3ee2971086587afc620a94ac

SHA256
9a9a41a5b167f573a189bbc21a2b8e060012458132af42d7a72550bb20c46c9c

SHA512
e4963f0b8491d0b2d1713545af8cf3e17d3ea28496acf593ee4f713dfebb70a926d0c8f433d568b31a3f05774ba81a8fe82d4113669972fccc5f6683d53c57b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d46f1344b3de52a9347fe4be1fce023

SHA1
6a7ed9ef9715be882adf01ab3afc92eaf7f201e3

SHA256
097467c52729a81f606f15955332c2ad6129f2898dcc257c219b9d9882b4b057

SHA512
7b518e2e70d8f6243576fcbc1312bb5375dd98b4f335c9ad41d98a3713381e18b4d836cdb1b4503d566552523a6fe1794bba1f68eb41a82d1e6f49295e17d546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f15c36bc7042a84d043ad8e0334a6c3a

SHA1
106ca081d7a9db6840a76d202c1bec9e766840b2

SHA256
ce9d5302ca72f5f7a5aca66c49156e454e87b6f3705b5c97f5a739c030f27c2f

SHA512
04b0f579abadda5c67f3e5915c7ae5b943c0e9b50bc80b81cbe77b13cdb07cd83019d0d4e9da0b06f133f04cf9db7bf5aae2417d818447214312e4fa7a280703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ce52c9bb2bf20510c82a15ac6f268099

SHA1
82c13f978523024cd17e4002d875cfbdda4e01c0

SHA256
64ffd153dfb9b1b1671a1c8cb26fd3a5cacd0edc4bb096dd383a463f66616a43

SHA512
b1e9543113cd2f489df4953b219c5c12c8ca851129992733e0117e1f41fd272157c76b0c2e04dab81943dd89db601aa7655db407cb29f9a1e7eb690c5a2a73a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90148b2c555104565ba31dc0121fc18d

SHA1
baaee1fc60d25a44a8a74ab6cff076be8c9749b2

SHA256
1f0e441b29e0a359c0d5cb29591d4ccdd011348dfa3175ca7dd0eff0f63973d4

SHA512
7ab53d0f3044ea5078a59f8e283bd7fa61d8943def02c0af1d565dc97bc0ef18f207dc19000014f7332a90515da1f6d530dc6088857a7907e3dbd1a37d5f2ebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ab42c0422cb4a6115dcb981487c56ea2

SHA1
311aed3ca5e2079bce01f37c1d676196e0bf0f0b

SHA256
da2ce5c3b2506d7300862f499b4f435d800d4d60c6396ad1d892a2fe3ced5a41

SHA512
4ba9de5325eceb793959482ca4013ce6ccb71ab641969bdc0519af3b2ccb28e52ac2b7a42668296bce307190e35e2837ef087545eefe7eac9c4579cf55739c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b97add935f8b639b4e90b6cebb2df8e

SHA1
2be92a5ced92b8e27b9f053c25ceed5630812bb1

SHA256
b16d8adabeec3df68fb676ebfa19e0cd99581935c745837a50d234918ce136b9

SHA512
d7268136e3571b8792b1efc0180a353ada43da2b53aed4342e89584d42495072c0968fd3760a5acaf600a180c03f4ea179ee4d1f0681ba518b3af23d51dba5a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dc9a0b0df2d0f65b784372a6dc5ddc39

SHA1
3df73dadd1c17adc8b5ecbc9a9f6884d7da8d6f3

SHA256
c1360ffa2c079f8df62380f01fa4d7a9fffd8965b941bc7ffceea6d2423c23d5

SHA512
abdc37d0cc1e7f0ada161670a33b2d61aea550077551a3262a41f9365b1ba0aa1e8c3377d583d18c637867b96be22b0912c8739a64daca159d009bb24d0d9c32

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
97f45ca1f114e96e43f08e9200b92c4c

SHA1
09d090b26e096a641e04816cdb65c8453fb8f0c0

SHA256
7264d2af2a25f1f10f53051d2f5896492ff930f67108ba9607f298575d6811f3

SHA512
f08d96f3d0583c5be8582516fd269ae3f9cbc942bfad6725d339ab5f02a6fc20c7065b699866a9f2e0770f409495852e2f2dd05d2071112998c6b1ccefb8efbe

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
6262f2199c1a5654deb4a87868e59f4c

SHA1
d65e30f77790a706d66b16045c764c19976d9d5a

SHA256
7f9d28fc249a76c58ae0f14e8b4a94e3c6302753a924d387ec63f701bff2e413

SHA512
111fe6affb3cc826926ebe2d442fa9ef3483ac70aedd62c5ed44ab7eb19a5af81982e9139d45370232d5133a340d294f0aaf366953aa47b51e9108e9a003982f

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\bin\die\db\LX\_Languages.8.sg.tmp

Filesize
134B

MD5
86938b01bb184336bd3ed2b23180e0c2

SHA1
c292bf17f0473170ac4dacc741170d6b111ec505

SHA256
1423973adf579b4db7870b2f34214f85452ed8bf2f43264cb51237e34706f607

SHA512
c6afb8d3b4edb1b9ba8c1e140c0e81feaf3fce18af63186f45d4fb11f246b093a0e87b1c8354329927cecf616faf380f05617f13b49e369e72120feecba78475

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\platform-2372\data\control\settings.meta.tmp

Filesize
37KB

MD5
3656c6636cd9dbceaf83230c3c9a2be9

SHA1
989f27c6736a943fd4690091fed26f7c17e3c17f

SHA256
f9ae094812ce9fbd56b58dab7739451792aba8f56c5f21eee15ef96682b413a6

SHA512
52bbb8f2b2d6183f30b908d9171a2ec8c2128bbce145b7af0095d4c199b1ec431d650ec4ed0b1b6cbc7bcc8d29da3285cdcc61368faa8c4e57b45315ced4e4ad

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\platform-3095\data\control\settings.meta.tmp

Filesize
39KB

MD5
619814b8b98007c1698576b7e4efb3ec

SHA1
e60f3ceaf5ca78f74e6867f0b042951bffb91786

SHA256
71ad5591441d62d02d2b62155abcf2cab587af49b86e2db5be6729a5b39df5d1

SHA512
55ab0bd3c1750d63ad3304e63b7c26251f01c8994f385e5643e2bbd37fc6595fd0e9f5fc0d76aa655fe8ad3bc6fdee33248d9f4a76cce11a25d84c3f5de16236

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\lua\MessagePack.lua

Filesize
23KB

MD5
e29cc030bab9bee473d52459e4149ac9

SHA1
9f846cfaf45a286407e3a646dcb797bce3521b7d

SHA256
982bc0a1fae3a742f4734d46b1b3a7ed5dccfe74c8d200a598e86f3bfb53db83

SHA512
9138cb3d2491a7798c41301aa21f16a260095a8676251472ee9e4adc800145df7c8a27035173bee80b0c1bae69dbfc86c44526693a3658cd8288348eaabb03c8

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\lua\deferred.lua

Filesize
5KB

MD5
6602d4db454966432cefa1a8341642fb

SHA1
46a9671da3f2960ec8b0a1362f7da4f2230706b8

SHA256
79dda226693419dd4fa97e0892bcb055f3a1c9d2d18061289129ff99a5d4ae61

SHA512
4dea4b02c5a377651b69aebc47d1014d37fbc4537d3322a961cac0637e5e827ba53ac4a792a6062165be6b8b92779355100216a2f48ad9d7b01dc63d626de61f

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\lua\graph.lua

Filesize
41KB

MD5
4def55b050f24e13c0e55442718b1e0d

SHA1
bfac16b2ff31809d143cb09b9870aff576b0217c

SHA256
3914a80a6d4ce428cc4f6405868dc04b7e2318161bc04a82df36d90218e0e12d

SHA512
a689d751218c407fbeaa0a630e8bec863ee325c77be58fd1e7b73ffd65777a73c67c89fc3d3536aadc1b024323b92ac170a25ba49ba7d5e687ce61fda7ecddbe

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\lua\json.lua

Filesize
22KB

MD5
b0efa78f2e2bcccef8b7cd74e6262614

SHA1
aa23918b65a1fbe4e00c5a947fe870ad0a109334

SHA256
ba6d4f165cf43e56c6105a95bd01a46a1fd45b34162f337e9f62c45468188c79

SHA512
11b34077483b628c00a22e8fa1525121e763bb4e7edadd7e3c8d1b35d401f63cb68d7e8795fb8288963abbab15edac3b253dd074ed43209ff0ef612d1bd6d0ca

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\lua\natives_loader.lua

Filesize
2KB

MD5
2665ccffb620ddc87d6d4ff0e29d96b2

SHA1
81da56e78b8684f183b851e330e099703ce5ca8e

SHA256
9f8332212b37d2a064d95f55d7c4ae9069fc8f133a29aea9b3a37d3f84ae2cbe

SHA512
7e12767b8f2658cf6d1ff21681c4ed55d9af1456f7a6823798a8fbc8d4256dd3c5bb5c45c88c3abeae57cb70a53327a8f04e4b7779995b6ec9b31393a2171481

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\lua\natives_server.lua

Filesize
115KB

MD5
aea6da5a36a2b003ba037ac4a2b9ab06

SHA1
e3a55134fb543169a5fc75041454ae636e4bbb63

SHA256
6061745ef9c911e24b32a396d375808a82abb061415bc2b7425f62fd4db12714

SHA512
23a1ccf68ab83ca1da9292b46ac59ee2b6ec9f7fc9b8fdafa77c737d1477fe117851b1b4d89c6725ab997bcf4c6d61aa487a7d8489bfe7ce0197adec8ad4e66c

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\lua\natives_universal.lua.tmp

Filesize
1.8MB

MD5
8dfc5e544595b8dfa391958e886f011c

SHA1
aa9eed8cc993385a0a765594a85514c0b2c19ca6

SHA256
69fe235fc195fbe8feb6ca353f9d65234d56886e963c70110d482f33496affa5

SHA512
9eeb9c0f19924981a6306a49b8aba231918bd137cae763352cfb41ff9860238e8cc3397e3b0910c8081be66c8f2d07f8e7535e722a2d3086834403345fc22cba

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\lua\ny_universal.lua

Filesize
337KB

MD5
7ae793a7622183d5eefda18062485794

SHA1
1733e39c7f6e8675965608cce2f51475b3df2210

SHA256
1bd2ae1eb7cdb93066aa6c2d2d76e74e0cdfa256b9a939c1964fd5e959214a9e

SHA512
3d6f81274f4b0480e82a7b439514404e7d64367bc9c8cfd4dd5ff4ce809a11680e4d6f9e2a59f873ab530141f5d9a9316746637b8eeba122bfa1ff5979523299

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\lua\rdr3_universal.lua

Filesize
1.3MB

MD5
2ba31c72a1ac192229fdd7e04acdabc1

SHA1
2547ffc830d1fbbc09dc55af0bef5fecc927543c

SHA256
fac83616cc448b07a6a98006e3e965f778fa271f20da0e2cd433880c895afc90

SHA512
520ff613e1d823dcb6a9ad34656d375871b517ade0731ac7d0c71cee5bb60185f15951230ba744bd5217be3be15433f5cf20fb56973a5f7b3986935f6f66de5e

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\lua\scheduler.lua

Filesize
25KB

MD5
502c4d82d4ed84c762aa2b6d7bb2338f

SHA1
d5ac3134200deeb9aa106d5ec0391261d6b9961a

SHA256
8fee2d45fa0cbf2c31750d5bb8c3183e43e0d01339e352f4caee24ea2871b6b9

SHA512
3c76bfe4bd7bf9662e718689fd05052a3b07a101e1ea4d3fc4d41d95ff1deac24643149f94bd97af1711178a4f3f3b92178548d2ed270890926b2ddf93f6ecf7

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\resource_init.lua

Filesize
900B

MD5
c73cf6a0b205f1f0577388630f2c32f7

SHA1
460384d6cb91856bd35b404a0bd573ae66ec7c08

SHA256
af4e2b9133fe8e7491a3e9f729d370f348a63a721504cec7975a495136cbd1ab

SHA512
76c0e2428617c1f92bc01a0e19ce34464d4b36b166ea65d2e4bb89dac89f4a1a2d861f8e2aec28ca75800fed2e66f63b4dd5cd23c6c0ded3158f26e18822f180

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\rpc_natives.json

Filesize
15KB

MD5
76ff8e7d4808b770b8f15dd8797bb1eb

SHA1
129d2f896147c70657e81d72056490c09ca81d3e

SHA256
4c7b0b02b3fef49f68590e2580a8c9cfe992125d590003ab9230e7da8234f779

SHA512
ca1614248fbe38f29482696a022dadfbccc5c9528b9f250f95d5ca5d6fe1a2f4ce9b167bd358a0e8880f482ba07587fc56be0f83a1b760def0db54a24b424bd0

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\console.js

Filesize
10KB

MD5
b462e16119895d06546909b14cc1c295

SHA1
7e479be3624eda71cc11b86b9bb60eac35e4a424

SHA256
4b23830b9fb3ca1cfacfbaf99db4656256efc077c0794662c8a7a79779c0aa59

SHA512
83dd287f7d86a45932cc166c1fcee224bd07e595f562ad21866e40bbafc38c753cf211063ddec7ad21cb93f2958d24875b1fc1e7f05ef83624de25d916c7d2c0

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\eventemitter2.js

Filesize
22KB

MD5
92e1bfe9fb85ed9a1901b0bd53552c12

SHA1
7c78ab97449158fddd72743aa86337cf62e4adc5

SHA256
43d978620a09e0cd591703ae557d300bff4d2a96fb24acc5ea97faf010be58f6

SHA512
3819e98ab0f4c5d13f44da3d7b54f377b8aaf20ba1a5236f4b3389acd9bb05e0de5ccb9efdd0b2c39723fdefb8ed108458f1385d57d10f6fe05a35eb22da1310

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\index.d.ts

Filesize
5KB

MD5
090d3435f703078034ccb9ecee1d232a

SHA1
983d73611b844adb089f74149f9d1a7601a4a995

SHA256
790d112e4ee81cce653df1bb408de6d41f198636f825c679a937ad78fb83658a

SHA512
fb471b917180f7c90aed769d7cf6074924343181a981ef486642befc535151edf895895b5cbb6122c27f5aa2f83963dd6a63712613a193b3faf83487fdcc1da0

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\main.js

Filesize
21KB

MD5
c2fbdce96de9b9da591509f746ea6e37

SHA1
41bd1f93b66e065f83d8f3394d907f2a6e7da03f

SHA256
cdbd96ccb512a6cb3990fc93a413e9b90c483b543a01aa7864d841de162e1d3e

SHA512
86d924e6e2f7646e34d9c9d8d972eb5de0c892a6a23282e2f1fd0e7dd8f4b761e67b4b0991a20fd2c534dc461f2580dea3cbfc3e979dde81125bfa1cc5e22f1f

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\msgpack.js

Filesize
51KB

MD5
ecc937ad04f3d534e14777b90bc00162

SHA1
a0a224bdd5e6a74ca1516dd62982b931c8b20f2d

SHA256
f523afd1902ad1a6975cc0d52bfc2ccf9a0fa92f6a76300019e10e93a393ddd0

SHA512
ac62e933ed2ad2a778ad5a8fee85495fafaad5e41cf3c02be98de2e2a3dd15240319b11d89e9ac76717db71210efd447247b533ec14ad26a0ba264f95490b232

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\natives_server.d.ts

Filesize
111KB

MD5
76de99a419a962948ee4517962ce9e12

SHA1
ccb791842d39ee77e0cbfdc12e96f76a8091b1e2

SHA256
191e2946ed0516e1c78fd735c2e7977ed6caa476f44d7216472eb9a9ea782f8a

SHA512
1f3da4a94dcb957ee2f0a3bc6a04dd7da528e6b9724d8571cb2e97c21991f2ae9378cf919d9b46f93a26e2bb0fa010fc174486cf6e2310e5ac52272e0a779a66

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\natives_server.js

Filesize
123KB

MD5
7b8f3fd81d429319da08ec5470e7d1c5

SHA1
cbb083df62055e94af736c2397455409f54b6842

SHA256
ce799bdcf4347706c1829adf05d19f20feb4393eacb13dbe978d72d0747763d5

SHA512
a6300f6d152a43bb47ee3abfcd0b5cbe8e7192babc9524b8ebffa3d6cf55194995c235d510b834e5e76a0d1e507f155c82530eb80c35a72e14b8eea06948dee9

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\natives_universal.d.ts.tmp

Filesize
2.0MB

MD5
e7f541dc74617ecefceb26d6a078aa7e

SHA1
ce07d67bbb7971ce2624a182a383a5ed1c2cec0d

SHA256
f6415665d99ccd723e97253be13fa90a4f8e823ea21331643714572a80e5ef5b

SHA512
9e295b841ff8baa0bff221534ad73c5d9f05d90e0293ad4b3a003c069ed2c83e394b47ba534678b6116204b722f79b7e68e63fabab6aae78d7f1802b7425e517

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\natives_universal.js.tmp

Filesize
1.9MB

MD5
35dfba71a664f7859636fa82df2bb18f

SHA1
41d01dc2eb232c692d53982c09723326add698de

SHA256
70a3b8a7da06357adb039c539a633b7f954403f4023fe18c7ef2d4c33e04d378

SHA512
e622f656b76d9785672b4f1116d21b07537f33a783f6a92f683598b004393c5b4852aa77c4511afc0f4d3f7de1c6efe01648f077f72b800224af3a1358df8d6e

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\ny_universal.d.ts

Filesize
273KB

MD5
c03ef5849c4a1d5a5903646b3f7aaa8a

SHA1
81fb98fccb98740fe8dc1d2e6d7acfdad2b608a5

SHA256
ab0347a4f17543c050b6adf321cd16086bde61d1b926331e8e820e5ddee0d2d7

SHA512
9e429f8134b7d76ed1ddba8c7444e0ed6434a0cad8a861b33f9d91407398b93ce4ff46eacb5cce1faa223c67545f2f65ce19c2bc58be0d92b675b272d6f734f6

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\ny_universal.js

Filesize
398KB

MD5
a8a45f4d441ca6989bff09e908ac3a33

SHA1
e180c7aab7f62e0aac97e3265c2c05bc61d15137

SHA256
5fa6bf10f940bc9ada4985ff18687f52aa13de800357c49e480bd9d6b63eff17

SHA512
310f6aa216e68b431634b040118c922032b30c1a74c2316624ded98875ffe2fce60fd88b9ef40647edf9eb70cc9c562c08aa5902a2f45259aa21c4a55d208418

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\rdr3_universal.d.ts

Filesize
1.4MB

MD5
d3ade469ba8880dc5d9b61eda96d11c5

SHA1
5372c8369c131f9f7983c59f2816f8f189a9c911

SHA256
783a634df3f0d36bf5f2bd986f4856f55f06bbac12b78ebe5433e656392526ea

SHA512
4eaf6f9fc19d0be75969aa1c88b2505c6f868fc1bd3243c15b60f66b41d2dd6d099dded46f69efc4153f115f9f81dde1550b2f7d927eb68bbf60f142dee44bbc

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\rdr3_universal.js

Filesize
1.5MB

MD5
bc8d4d98d898ad8992f73193543a1772

SHA1
ad0de3453e074d7b7468653418cd1f552d49aef3

SHA256
963ae5195ed9c92d409d2cfe714067aec357aab0345c68f6aece9d98d3c35d28

SHA512
cb369cf4149c01a25cfe1fe6d0ad105856ee1ea8610e3961ed757e5784041173b8414d896749a4a28d4efeefbd269faa629b299272867c13da03a1fe52f2cb3a

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\citizen\scripting\v8\timer.js

Filesize
7KB

MD5
0b2d2009f6a36f8a2d7a81b9feea036f

SHA1
235979f343cccc665ce8f0548bb6502e8eb7d446

SHA256
3c0a089db7b91d37ee7688207ff0e1e0a3e7c74a2c62b563713b1540efec1799

SHA512
9b58522ac22fe2ba10eb02b0d73e3d28271b6a98d45c01c02e6ba2b0d9daf66d1a288b9797ed70b0ee8bb484b6b81aa3593c9c8b498c050f752310d06a4c99a8

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\desktop.ini

Filesize
149B

MD5
d9f922a4b3ab62a6082b7f2bad0971fc

SHA1
631c2e55ff87a01528e15ead8a84be7fc2b3471e

SHA256
6ec1f345d329335322295dba7674ffd357676a3af4a0d4f81fe42bb064986630

SHA512
2a01bc1a31b7a99719329f84d2e80da199452c0176282adc8ff989d8bad62c0e7a2f67ee771f45afe252a9bd05eff16580b4649fd7b3733885372e253018e042

Download Submit
C:\Users\Admin\AppData\Local\VMP\VMP.app\desktop.ini

Filesize
79B

MD5
750e375f3c37378440b390311cca5de5

SHA1
a37b3896f848bfe8bd842296e9bdd7bbfc4357f6

SHA256
0b52d9a04a904e061b267655baedd0d64a1efba6b3293ae6701247e81aba99aa

SHA512
d65e4fa9ba17bb45648481dfb26f324abc303b0d145a59b1053e48ce78d7eeaf034e3545018a226d95e9413fbcfec4e9d15e42053808f3755ca4c1e375bf565a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMP.lnk

Filesize
2KB

MD5
619db0b4ac883de9c936254898a2dc76

SHA1
213fb2cc792ec0b26e790927c25bcfc34e5b833c

SHA256
6c6b1bbdeefac267e0e8ba1d3aca886a55494e5ddae4eb5eac9b56cd1835b51b

SHA512
8a7fc7cbdce276108713f2b988355aa13b85bd85cf7dbc99c9de5d3dc7a0f99c3a598257f7462b8ae326c96c3339c882968c630b6a51721b9a6bbf111e0ad952

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 42662.crdownload

Filesize
5.6MB

MD5
fb6d806671fd4868d1cefc9dda05af56

SHA1
a788d9616a586e97c78a5e3a3ce6dad5680fa94a

SHA256
17b42c706e659819de51acb566965faa27818b8e631977016269ed332634e303

SHA512
3d539fd8fce3be0b445d5cd9593f40598a0a89f749442f0789ee4c91d58e128694758b0f3e889d221a6e0c2bd6ace2b898783c62eee61d1228445f9bee693431

Download Submit
C:\Users\Admin\Downloads\VMP.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\VMPe.exe.new

Filesize
5.6MB

MD5
822a870922bb5ae3ab89cb4abd79de79

SHA1
7e899162215a61c0954a41137484e2fe8baf647c

SHA256
2594df81910662fe4b54499c6bc4cd295efea936c7d8fb132e5f2a62b39b9ac2

SHA512
af9a65e6e434eb9c47fa88d3e5dd6c6b3a4a8e320853a4b217df412b6b4d58776f15b80ee1126b7b0c7ca31b0e6d3a46e9deb3e064471914c68663eb15be8a0b

Download Submit